WindowsServer2012R2andWindows8 1GroupPolicySettings

Group Policy Settings Reference
Windows Server 2012R2 and Windows 8.1

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with
Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,
Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).
You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.
Legal Notice
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
Some examples depicted herein are provided for illustration only and are fictitious.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
2013 Microsoft Corporation. All rights reserved.
Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,
and Windows Vista are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.
This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with
Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs).
You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column.
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter,
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8.
This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
File Name
ActiveXInstallService.admx
ActiveXInstallService.admx
AddRemovePrograms.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppCompat.admx
AppxPackageManager.admx
AppXRuntime.admx
AppXRuntime.admx
AppXRuntime.admx
AppXRuntime.admx
AttachmentManager.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
AutoPlay.admx
Biometrics.admx
Biometrics.admx
Biometrics.admx
Biometrics.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
Bits.admx
CEIPEnable.admx
CEIPEnable.admx
CipherSuiteOrder.admx
COM.admx
COM.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
conf.admx
ControlPanel.admx
ControlPanel.admx
ControlPanel.admx
ControlPanel.admx
ControlPanelDisplay.admx
Cpls.admx
CredentialProviders.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredSsp.admx
CredUI.admx
CredUI.admx
CredUI.admx
CredUI.admx
CtrlAltDel.admx
CtrlAltDel.admx
CtrlAltDel.admx
CtrlAltDel.admx
DCOM.admx
DCOM.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
Desktop.admx
DeviceCompat.admx
DeviceCompat.admx
DeviceInstallation.admx
DeviceRedirection.admx
DeviceRedirection.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DeviceSetup.admx
DFS.admx
DigitalLocker.admx
DigitalLocker.admx
DiskDiagnostic.admx
DiskDiagnostic.admx
DiskNVCache.admx
DiskNVCache.admx
DiskNVCache.admx
DiskNVCache.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DiskQuota.admx
DistributedLinkTracking.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DnsClient.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
DWM.admx
EAIME.admx
EAIME.admx
EAIME.admx
EAIME.admx
EAIME.admx
EAIME.admx
EAIME.admx
EAIME.admx
EarlyLaunchAM.admx
EdgeUI.admx
EdgeUI.admx
EdgeUI.admx
EdgeUI.admx
EdgeUI.admx
EncryptFilesonMove.admx
EnhancedStorage.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
ErrorReporting.admx
EventForwarding.admx
EventForwarding.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventLog.admx
EventViewer.admx
EventViewer.admx
EventViewer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
Explorer.admx
ExternalBoot.admx
ExternalBoot.admx
ExternalBoot.admx
FileHistory.admx
FileRecovery.admx
FileServerVSSAgent.admx
FileServerVSSProvider.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FileSys.admx
FolderRedirection.admx
FramePanes.admx
FramePanes.admx
fthsvc.admx
GameExplorer.admx
GameExplorer.admx
GameExplorer.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
Globalization.admx
GroupPolicy-Server.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
grouppolicy.admx
GroupPolicyPreferences.admx
Help.admx
Help.admx
Help.admx
Help.admx
HelpAndSupport.admx
HelpAndSupport.admx
HelpAndSupport.admx
HelpAndSupport.admx
hotspotauth.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
ICM.admx
IIS.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
inetres.admx
InkWatson.admx
InkWatson.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
iSCSI.admx
kdc.admx
kdc.admx
kdc.admx
kdc.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
kerberos.admx
LanmanServer.admx
LanmanServer.admx
LeakDiagnostic.admx
LinkLayerTopologyDiscovery.admx
LinkLayerTopologyDiscovery.admx
LocationProviderAdm.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
Logon.admx
MediaCenter.admx
MediaCenter.admx
MMC.admx
MMC.admx
MMC.admx
MMC.admx
MMC.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapins.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MMCSnapIns2.admx
MobilePCMobilityCenter.admx
MobilePCMobilityCenter.admx
MobilePCPresentationSettings.admx
MobilePCPresentationSettings.admx
msched.admx
msched.admx
msched.admx
MSDT.admx
MSDT.admx
MSDT.admx
Msi-FileRecovery.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
msi.admx
NAPXPQec.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
nca.admx
NCSI.admx
NCSI.admx
NCSI.admx
NCSI.admx
NCSI.admx
NCSI.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetLogon.admx
NetworkConnections.admx
NetworkIsolation.admx
NetworkProjection.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
OfflineFiles.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
P2P-pnrp.admx
ParentalControls.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
pca.admx
PeerToPeerCaching.admx
PenTraining.admx
PenTraining.admx
PerformanceDiagnostics.admx
PerformancePerftrack.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
Power.admx
PowerShellExecutionPolicy.admx
PreviousVersions.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Printing2.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
Programs.admx
PswdSync.admx
PswdSync.admx
PswdSync.admx
PswdSync.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
QOS.admx
RacWmiProv.admx
Radar.admx
ReAgent.admx
Reliability.admx
Reliability.admx
Reliability.admx
Reliability.admx
RemoteAssistance.admx
RemovableStorage.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
rpc.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
scripts.admx
sdiageng.admx
sdiageng.admx
sdiageng.admx
sdiagschd.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
Search.admx
SearchOCR.admx
SearchOCR.admx
SecurityCenter.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
Sensors.admx
ServerManager.admx
ServerManager.admx
ServerManager.admx
ServerManager.admx
Servicing.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
SettingSync.admx
Setup.admx
Setup.admx
ShapeCollector.admx
ShapeCollector.admx
SharedFolders.admx
SharedFolders.admx
Sharing.admx
Sharing.admx
Shell-CommandPrompt-RegEditTools.admx
ShellWelcomeCenter.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
Sidebar.admx
SkyDrive.admx
SkyDrive.admx
SkyDrive.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
SmartCard.admx
Snis.admx
Snis.admx
Snmp.admx
Snmp.admx
Snmp.admx
SoundRec.admx
SoundRec.admx
srm-fci.admx
srm-fci.admx
srm-fci.admx
srm-fci.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
StartMenu.admx
SystemRestore.admx
SystemRestore.admx
TabletPCInputPanel.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
TabletShell.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
Taskbar.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
TaskScheduler.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
tcpip.admx
Terminalserver-Server.admx
TerminalServer-WinIP.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
TerminalServer.admx
Tpm.admx
Tpm.admx
Tpm.admx
Tpm.admx
Tpm.admx
Tpm.admx
Tpm.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
UserProfiles.admx
VolumeEncryption.admx
W32Time.admx
W32Time.admx
W32Time.admx
W32Time.admx
WCM.admx
WCM.admx
WCM.admx
WCM.admx
wdi.admx
wdi.admx
WinCal.admx
WinCal.admx
WindowsAnytimeUpgrade.admx
WindowsAnytimeUpgrade.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsBackup.admx
WindowsColorSystem.admx
WindowsColorSystem.admx
WindowsConnectNow.admx
WindowsDefender.admx
WindowsExplorer.admx
WindowsFileProtection.admx
windowsfirewall.admx
WindowsMail.admx
WindowsMail.admx
WindowsMail.admx
WindowsMail.admx
WindowsMediaDRM.admx
WindowsMediaPlayer.admx
WindowsMessenger.admx
WindowsRemoteManagement.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WindowsUpdate.admx
WinInit.admx
WinInit.admx
WinInit.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WinLogon.admx
WorkFolders-Client.admx
WPN.admx
WPN.admx
WPN.admx
WPN.admx
WPN.admx
WPN.admx
WPN.admx
WPN.admx
wwansvc.admx
wwansvc.admx
Policy Setting Name
Approved Installation Sites for ActiveX Controls
Establish ActiveX installation policy for sites in Trusted zones
Specify default category for Add New Programs
Hide the "Add a program from CD-ROM or floppy disk" option
Hide the "Add programs from Microsoft" option
Hide the "Add programs from your network" option
Hide Add New Programs page
Remove Add or Remove Programs
Hide the Set Program Access and Defaults page
Hide Change or Remove Programs page
Go directly to Components Wizard
Remove Support Information
Hide Add/Remove Windows Components page
Prevent access to 16-bit applications
Remove Program Compatibility Property Page
Turn off Application Telemetry
Turn off SwitchBack Compatibility Engine
Turn off Application Compatibility Engine
Turn off Program Compatibility Assistant
Turn off Program Compatibility Assistant
Turn off Steps Recorder
Turn off Inventory Collector
Allow all trusted apps to install
Allow deployment operations in special profiles
Allow development of Windows Store apps without installing a developer license
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a file.
Block launching desktop apps associated with a URI scheme
Block launching desktop apps associated with a URI scheme
Notify antivirus programs when opening attachments
Trust logic for file attachments
Do not preserve zone information in file attachments
Hide mechanisms to remove zone information
Default risk level for file attachments
Inclusion list for high risk file types
Inclusion list for low file types
Inclusion list for moderate risk file types
Set the default behavior for AutoRun
Set the default behavior for AutoRun
Prevent AutoPlay from remembering user choices.
Prevent AutoPlay from remembering user choices.
Turn off Autoplay
Turn off Autoplay
Disallow Autoplay for non-volume devices
Disallow Autoplay for non-volume devices
Allow the use of biometrics
Allow users to log on using biometrics
Allow domain users to log on using biometrics
Specify timeout for fast user switching events
Timeout for inactive BITS jobs
Limit the maximum BITS job download time
Limit the maximum network bandwidth for BITS background transfers
Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers
Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers
Allow BITS Peercaching
Limit the age of files in the BITS Peercache
Limit the BITS Peercache size
Do not allow the computer to act as a BITS Peercaching client
Do not allow the computer to act as a BITS Peercaching server
Limit the maximum network bandwidth used for Peercaching
Set default download behavior for BITS jobs on costed networks
Limit the maximum number of BITS jobs for this computer
Limit the maximum number of BITS jobs for each user
Limit the maximum number of files allowed in a BITS job
Limit the maximum number of ranges that can be added to the file in a BITS job
Do not allow the BITS client to use Windows Branch Cache
Allow Corporate redirection of Customer Experience Improvement uploads
Tag Windows Customer Experience Improvement data with Study Identifier
SSL Cipher Suite Order
Download missing COM components
Download missing COM components
Disable application Sharing
Prevent Control
Prevent Sharing
Prevent Sharing Command Prompts
Prevent Desktop Sharing
Prevent Sharing Explorer windows
Prevent Application Sharing in true color
Disable Audio
Prevent changing DirectSound Audio setting
Disable full duplex Audio
Prevent receiving Video
Prevent sending Video
Limit the bandwidth of Audio and Video
Allow persisting automatic acceptance of Calls
Disable Chat
Disable Whiteboard
Disable NetMeeting 2.x Whiteboard
Disable remote Desktop Sharing
Enable Automatic Configuration
Prevent adding Directory servers
Prevent automatic acceptance of Calls
Prevent changing Call placement method
Disable Directory services
Prevent receiving files
Prevent sending files
Prevent viewing Web directory
Limit the size of sent files
Set the intranet support Web page
Set Call Security options
Disable the Advanced Calling button
Hide the Audio page
Hide the General page
Hide the Security page
Hide the Video page
Hide specified Control Panel items
Always open All Control Panel Items when opening Control Panel
Prohibit access to Control Panel and PC settings
Show only specified Control Panel items
Disable the Display Control Panel
Hide Settings tab
Prevent changing color and appearance
Prevent changing screen saver
Enable screen saver
Force specific screen saver
Password protect the screen saver
Screen saver timeout
Prevent changing desktop background
Prevent changing sounds
Prevent changing mouse pointers
Prevent changing desktop icons
Prevent changing color scheme
Prevent changing theme
Load a specific theme
Prevent changing visual style for windows and buttons
Force a specific visual style file or force Windows Classic
Prohibit selection of visual style font size
Do not display the lock screen
Prevent changing lock screen image
Prevent enabling lock screen slide show
Prevent enabling lock screen camera
Force a specific background and accent color
Force a specific Start background
Prevent changing start menu background
Force a specific default lock screen image
Apply the default account picture to all users
Assign a default domain for logon
Exclude credential providers
Turn on PIN sign-in
Turn off picture password sign-in
Allow users to select when a password is required when resuming from connected standby
Allow delegating default credentials
Allow delegating default credentials with NTLM-only server authentication
Allow delegating fresh credentials
Allow delegating fresh credentials with NTLM-only server authentication
Allow delegating saved credentials
Allow delegating saved credentials with NTLM-only server authentication
Deny delegating default credentials
Deny delegating fresh credentials
Deny delegating saved credentials
Restrict delegation of credentials to remote servers
Enumerate administrator accounts on elevation
Require trusted path for credential entry
Do not display the password reveal button
Do not display the password reveal button
Remove Change Password
Remove Lock Computer
Remove Task Manager
Remove Logoff
Allow local activation security check exemptions
Define Activation Security Check exemptions
Enable Active Desktop
Disable Active Desktop
Prohibit changes
Add/Delete items
Prohibit adding items
Prohibit closing items
Prohibit deleting items
Prohibit editing items
Disable all items
Allow only bitmapped wallpaper
Desktop Wallpaper
Enable filter in Find dialog box
Hide Active Directory folder
Maximum size of Active Directory searches
Prohibit User from manually redirecting Profile Folders
Hide and disable all items on the desktop
Remove the Desktop Cleanup Wizard
Hide Internet Explorer icon on desktop
Remove Computer icon on the desktop
Remove My Documents icon on the desktop
Hide Network Locations icon on desktop
Remove Properties from the Computer icon context menu
Remove Properties from the Documents icon context menu
Do not add shares of recently opened documents to Network Locations
Remove Recycle Bin icon from desktop
Remove Properties from the Recycle Bin context menu
Don't save settings at exit
Prevent adding
Prohibit adjusting desktop toolbars
Turn off Aero Shake window minimizing mouse gesture
Device compatibility settings
Driver compatibility settings
Prioritize all digitally signed drivers equally during the driver ranking and selection process
Configure device installation time-out
Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point
Allow remote access to the Plug and Play interface
Allow administrators to override Device Installation Restriction policies
Allow installation of devices using drivers that match these device setup classes
Prevent installation of devices using drivers that match these device setup classes
Allow installation of devices that match any of these device IDs
Prevent installation of devices that match any of these device IDs
Prevent installation of removable devices
Prevent installation of devices not described by other policy settings
Time (in seconds) to force reboot when required for policy changes to take effect
Display a custom message title when device installation is prevented by a policy setting
Display a custom message when installation is prevented by a policy setting
Allow non-administrators to install drivers for these device setup classes
Code signing for device drivers
Prevent redirection of USB devices
Prevent redirection of devices that match any of these device Ids
Turn off "Found New Hardware" balloons during device installation
Do not send a Windows error report when a generic driver is installed on a device
Prevent Windows from sending an error report when a device driver requests additional software during installation
Configure driver search locations
Turn off Windows Update device driver search prompt
Turn off Windows Update device driver search prompt
Specify search order for device driver source locations
Specify the search server for device driver updates
Prevent device metadata retrieval from the Internet
Configure how often a DFS client discovers domain controllers
Do not allow Digital Locker to run
Do not allow Digital Locker to run
Disk Diagnostic: Configure custom alert text
Disk Diagnostic: Configure execution level
Turn off boot and resume optimizations
Turn off cache power mode
Turn off non-volatile cache feature
Turn off solid state mode
Enable disk quotas
Enforce disk quota limit
Specify default quota limit and warning level
Log event when quota limit is exceeded
Log event when quota warning level is exceeded
Apply policy to removable media
Allow Distributed Link Tracking clients to use domain resources
Connection-specific DNS suffix
DNS servers
Primary DNS suffix
Register DNS records with connection-specific DNS suffix
Register PTR records
Dynamic update
Replace addresses in conflicts
Registration refresh interval
TTL value for A and PTR records
DNS suffix search list
Update security level
Update top level domain zones
Primary DNS suffix devolution
Turn off smart multi-homed name resolution
Turn off smart protocol reordering
Allow NetBT queries for fully qualified domain names
Prefer link local responses over DNS when received over a network with higher precedence
Turn off IDN encoding
IDN mapping
Do not allow window animations
Do not allow window animations
Do not allow Flip3D invocation
Do not allow Flip3D invocation
Use solid color for Start background
Specify a default color
Specify a default color
Do not allow color changes
Do not allow color changes
Turn on misconversion logging for misconversion report
Turn off saving auto-tuning data to file
Turn off history-based predictive input
Turn off Open Extended Dictionary
Turn off Internet search integration
Turn off custom dictionary
Restrict character code range of conversion
Do not include Non-Publishing Standard Glyph in the candidate list
Boot-Start Driver Initialization Policy
Turn off switching between recent apps
Turn off tracking of app usage
App switching
Charms
WinX
Do not automatically encrypt files moved to encrypted folders
Allow only USB root hub connected Enhanced Storage devices
Lock Enhanced Storage when the computer is locked
Do not allow non-Enhanced Storage removable devices
Do not allow password authentication of Enhanced Storage devices
Do not allow Windows to activate Enhanced Storage devices
Configure list of IEEE 1667 silos usable on your computer
Configure list of Enhanced Storage devices usable on your computer
Configure Error Reporting
Display Error Notification
Disable Windows Error Reporting
Disable Windows Error Reporting
Prevent display of the user interface for critical errors
Disable logging
Disable logging
Do not send additional data
Do not send additional data
Do not throttle additional data
Do not throttle additional data
Send additional data when on battery power
Send additional data when on battery power
Send data when on connected to a restricted/costed network
Send data when on connected to a restricted/costed network
Automatically send memory dumps for OS-generated error reports
Automatically send memory dumps for OS-generated error reports
Default application reporting settings
List of applications to never report errors for
List of applications to always report errors for
Report operating system errors
Configure Report Archive
Configure Report Archive
Configure Corporate Windows Error Reporting
List of applications to be excluded
List of applications to be excluded
Configure Report Queue
Configure Report Queue
Customize consent settings
Customize consent settings
Ignore custom consent settings
Ignore custom consent settings
Configure Default consent
Configure Default consent

Back up log automatically when full
Configure log access
Control Event Log behavior when the log file reaches its maximum size
Control the location of the log file
Specify the maximum log file size (KB)
Turn on logging
Events.asp program
Events.asp program command line parameters
Events.asp URL
Display the menu bar in File Explorer
Prevent users from adding files to the root of their Users Files folder.
Turn off common control and window animations
Turn off Data Execution Prevention for Explorer
Turn off heap termination on corruption
Set a support web page link
Windows To Go Default Startup Options
Allow hibernate (S4) when starting from a Windows To Go workspace
Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace
Turn off File History
Configure Corrupted File Recovery behavior
Configure maximum age of file server shadow copies
Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.
Selectively allow the evaluation of a symbolic link
Do not allow compression on all NTFS volumes
Do not allow encryption on all NTFS volumes
Enable NTFS pagefile encryption
Short name creation options
Disable delete notifications on all volumes
Enable / disable TXF deprecated features
Use localized subfolder names when redirecting Start Menu and My Documents
Do not automatically make all redirected folders available offline
Do not automatically make specific redirected folders available offline
Use localized subfolder names when redirecting Start Menu and My Documents
Enable optimized move of contents in Offline Files cache on Folder Redirection server path change
Redirect folders on primary computers only
Redirect folders on primary computers only
Turn on or off details pane
Turn off Preview Pane
Configure Scenario Execution Level
Turn off downloading of game information
Turn off tracking of last play time of games in the Games folder
Turn off game updates
Disallow selection of Custom Locales
Disallow selection of Custom Locales
Restrict system locales
Disallow copying of user input methods to the system account for sign-in
Restrict user locales
Restrict user locales
Disallow changing of geographic location
Disallow changing of geographic location
Disallow user override of locale settings
Disallow user override of locale settings
Hide Regional and Language Options administrative options
Hide the geographic location option
Hide the select language group options
Hide user locale selection and customization options
Restricts the UI language Windows uses for all logged users
Restricts the UI languages Windows should use for the selected user
Force selected system UI language to overwrite the user UI language
Restrict selection of Windows menus and dialogs language
Turn off offer text predictions as I type
Turn off insert a space after selecting a text prediction
Turn off autocorrect misspelled words
Turn off highlight misspelled words
Block clean-up of unused language packs
Century interpretation for Year 2000
Turn off automatic learning
Turn off automatic learning
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
Configure Group Policy Caching
Configure Logon Script Delay
Enable AD/DFS domain controller synchronization during policy refresh
Turn off Group Policy Client Service AOAC optimization
Configure Direct Access connections as a fast network connection
Change Group Policy processing to run asynchronously when a slow network connection is detected.
Turn off Local Group Policy Objects processing
Specify startup policy processing wait time
Allow cross-forest user policy and roaming user profiles
Configure software Installation policy processing
Configure disk quota policy processing
Configure EFS recovery policy processing
Configure folder redirection policy processing
Configure Internet Explorer Maintenance policy processing
Configure IP security policy processing
Configure registry policy processing
Configure scripts policy processing
Configure security policy processing
Configure wireless policy processing
Configure wired policy processing
Determine if interactive users can generate Resultant Set of Policy data
Determine if interactive users can generate Resultant Set of Policy data
Turn off automatic update of ADM files
Turn off background refresh of Group Policy
Remove users' ability to invoke machine policy refresh
Enforce Show Policies Only
Configure Group Policy domain controller selection
Configure Group Policy slow link detection
Configure Group Policy slow link detection
Set Group Policy refresh interval for computers
Set Group Policy refresh interval for domain controllers
Set Group Policy refresh interval for users
Set default name for new Group Policy objects
Create new Group Policy Object links disabled by default
Always use local ADM files for Group Policy Object Editor
Turn off Resultant Set of Policy logging
Configure user Group Policy loopback processing mode
Specify workplace connectivity wait time for policy processing
Configure Applications preference extension policy processing
Configure Applications preference logging and tracing
Configure Data Sources preference extension policy processing
Configure Data Sources preference logging and tracing
Configure Devices preference extension policy processing
Configure Devices preference logging and tracing
Configure Drive Maps preference extension policy processing
Configure Drive Maps preference logging and tracing
Configure Environment preference extension policy processing
Configure Environment preference logging and tracing
Configure Files preference extension policy processing
Configure Files preference logging and tracing
Configure Folder Options preference extension policy processing
Configure Folder Options preference logging and tracing
Configure Folders preference extension policy processing
Configure Folders preference logging and tracing
Configure Ini Files preference extension policy processing
Configure Ini Files preference logging and tracing
Configure Internet Settings preference extension policy processing
Configure Internet Settings preference logging and tracing
Configure Local Users and Groups preference extension policy processing
Configure Local Users and Groups preference logging and tracing
Configure Network Options preference extension policy processing
Configure Network Options preference logging and tracing
Configure Network Shares preference extension policy processing
Configure Network Shares preference logging and tracing
Configure Power Options preference extension policy processing
Configure Power Options preference logging and tracing
Configure Printers preference extension policy processing
Configure Printers preference logging and tracing
Configure Regional Options preference extension policy processing
Configure Regional Options preference logging and tracing
Configure Registry preference extension policy processing
Configure Registry preference logging and tracing
Configure Scheduled Tasks preference extension policy processing
Configure Scheduled Tasks preference logging and tracing
Configure Services preference extension policy processing
Configure Services preference logging and tracing
Configure Shortcuts preference extension policy processing
Configure Shortcuts preference logging and tracing
Configure Start Menu preference extension policy processing
Configure Start Menu preference logging and tracing
Permit use of Application snap-ins
Permit use of Applications preference extension
Permit use of Control Panel Settings (Computers)
Permit use of Data Sources preference extension
Permit use of Environment preference extension
Permit use of Files preference extension
Permit use of Folders preference extension
Permit use of Folder Options preference extension
Permit use of Internet Settings preference extension
Permit use of Local Users and Groups preference extension
Permit use of Power Options preference extension
Permit use of Registry preference extension
Permit use of Scheduled Tasks preference extension
Permit use of Shortcuts preference extension
Permit use of Start Menu preference extension
Permit use of Control Panel Settings (Users)
Permit use of Preferences tab
Restrict potentially unsafe HTML Help functions to specified folders
Restrict these programs from being launched from Help
Restrict these programs from being launched from Help
Turn off Data Execution Prevention for HTML Help Executible
Turn off Active Help
Turn off Help Ratings
Turn off Help Experience Improvement Program
Turn off Windows Online
Enable Hotspot Authentication
Restrict Internet communication
Restrict Internet communication
Turn off Automatic Root Certificates Update
Turn off printing over HTTP
Turn off printing over HTTP
Turn off downloading of print drivers over HTTP
Turn off downloading of print drivers over HTTP
Turn off Windows Update device driver searching
Turn off Event Viewer "Events.asp" links
Turn off Help and Support Center "Did you know?" content
Turn off Help and Support Center Microsoft Knowledge Base search
Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com
Turn off Registration if URL connection is referring to Microsoft.com
Turn off Windows Error Reporting
Turn off access to all Windows Update features
Turn off Search Companion content file updates
Turn off Internet File Association service
Turn off Internet File Association service
Turn off access to the Store
Turn off access to the Store
Turn off Internet download for Web publishing and online ordering wizards
Turn off Internet download for Web publishing and online ordering wizards
Turn off the "Order Prints" picture task
Turn off the "Order Prints" picture task
Turn off the "Publish to Web" task for files and folders
Turn off the "Publish to Web" task for files and folders
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off the Windows Messenger Customer Experience Improvement Program
Turn off Windows Customer Experience Improvement Program
Turn off Windows Network Connectivity Status Indicator active tests
Prevent IIS installation
Audio/Video Player
Carpoint
DHTML Edit Control
Shockwave Flash
Investor
Menu Controls
Microsoft Agent
Microsoft Chat
MSNBC
NetShow File Transfer Control
Microsoft Scriptlet Component
Microsoft Survey Control
Turn off the flip ahead with page prediction feature
Turn off the flip ahead with page prediction feature
Turn off loading websites and content in the background to optimize performance
Turn off loading websites and content in the background to optimize performance
Turn on the swiping motion on Internet Explorer for the desktop
Turn on the swiping motion on Internet Explorer for the desktop
Allow active content from CDs to run on user machines
Allow active content from CDs to run on user machines
Check for server certificate revocation
Check for server certificate revocation
Turn off ClearType
Turn off ClearType
Turn on Caret Browsing support
Turn on Caret Browsing support
Turn on Enhanced Protected Mode
Turn on Enhanced Protected Mode
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled
Always send Do Not Track header
Always send Do Not Track header
Use HTTP 1.1
Use HTTP 1.1
Use HTTP 1.1 through proxy connections
Use HTTP 1.1 through proxy connections
Allow Internet Explorer to use the SPDY/3 network protocol
Allow Internet Explorer to use the SPDY/3 network protocol
Turn off encryption support
Turn off encryption support
Do not allow resetting Internet Explorer settings
Do not allow resetting Internet Explorer settings
Check for signatures on downloaded programs
Check for signatures on downloaded programs
Allow third-party browser extensions
Allow third-party browser extensions
Allow Install On Demand (Internet Explorer)
Allow Install On Demand (Internet Explorer)
Allow Install On Demand (except Internet Explorer)
Allow Install On Demand (except Internet Explorer)
Automatically check for Internet Explorer updates
Automatically check for Internet Explorer updates
Allow software to run or install even if the signature is invalid
Allow software to run or install even if the signature is invalid
Play animations in web pages
Play animations in web pages
Play sounds in web pages
Play sounds in web pages
Play videos in web pages
Play videos in web pages
Turn off Profile Assistant
Turn off Profile Assistant
Do not save encrypted pages to disk
Do not save encrypted pages to disk
Empty Temporary Internet Files folder when browser is closed
Empty Temporary Internet Files folder when browser is closed
Show Content Advisor on Internet Options
Show Content Advisor on Internet Options
Turn on inline AutoComplete
Turn off inline AutoComplete in File Explorer
Go to an intranet site for a one-word entry in the Address bar
Go to an intranet site for a one-word entry in the Address bar
Turn on script debugging
Turn off details in messages about Internet connection problems
Turn off page transitions
Turn on the display of script errors
Turn off smooth scrolling
Turn off configuring underline links
Turn off phone number detection
Turn off phone number detection
Subscription Limits
Disable adding channels
Disable adding schedules for offline pages
Disable offline page hit logging
Disable channel user interface completely
Disable editing and creating of schedule groups
Disable editing schedules for offline pages
Disable removing channels
Disable removing schedules for offline pages
Disable all scheduled offline pages
Disable downloading of site subscription content
Prevent specifying the code download path for each computer
Prevent choosing default text size
Disable the Advanced page
Disable the Advanced page
Disable the Connections page
Disable the Connections page
Disable the Content page
Disable the Content page
Disable the General page
Disable the General page
Disable the Privacy page
Disable the Privacy page
Disable the Programs page
Disable the Programs page
Disable the Security page
Disable the Security page
Send internationalized domain names
Send internationalized domain names
Use UTF-8 for mailto links
Use UTF-8 for mailto links
Prevent ignoring certificate errors
Prevent ignoring certificate errors
Turn off sending URL path as UTF-8
Prevent specifying background color
Prevent specifying text color
Prevent the use of Windows colors
Prevent specifying cipher strength update information URLs
Start the Internet Connection Wizard automatically
Add-on List
Add-on List
Deny all add-ons unless specifically allowed in the Add-on List
Deny all add-ons unless specifically allowed in the Add-on List
All Processes
All Processes
Process List
Process List
Admin-approved behaviors
Admin-approved behaviors
Install binaries signed by MD2 and MD4 signing technologies
Install binaries signed by MD2 and MD4 signing technologies
All Processes
All Processes
Internet Explorer Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
All Processes
All Processes
Process List
Process List
Internet Zone Restricted Protocols
Internet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Intranet Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Local Machine Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Restricted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
Trusted Sites Zone Restricted Protocols
Turn off Crash Detection
Turn off Crash Detection
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar
Turn off Automatic Crash Recovery
Turn off Automatic Crash Recovery
Turn off Reopen Last Browsing Session
Turn off Reopen Last Browsing Session
Do not allow users to enable or disable add-ons
Do not allow users to enable or disable add-ons
Add a specific list of search providers to the user's list of search providers
Add a specific list of search providers to the user's list of search providers
Turn on menu bar by default
Turn on menu bar by default
Turn off Favorites bar
Turn off Favorites bar
Disable caching of Auto-Proxy scripts
Disable external branding of Internet Explorer
Disable changing Advanced page settings
Customize user agent string
Customize user agent string
Use Automatic Detection for dial-up connections
Prevent "Fix settings" functionality
Prevent "Fix settings" functionality
Prevent managing the phishing filter
Prevent managing the phishing filter
Turn off Managing SmartScreen Filter for Internet Explorer 8
Prevent changing pop-up filter level
Display error message on proxy script download failure
Turn on compatibility logging
Turn on compatibility logging
Enforce full-screen mode
Enforce full-screen mode
Disable Import/Export Settings wizard
Disable Import/Export Settings wizard
Turn off browser geolocation
Turn off browser geolocation
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects
Turn off page-zooming functionality
Turn off page-zooming functionality
Identity Manager: Prevent users from using Identities
Automatically activate newly installed add-ons
Automatically activate newly installed add-ons
Turn off add-on performance notifications
Turn off add-on performance notifications
Turn on ActiveX Filtering
Turn on ActiveX Filtering
Configure Media Explorer Bar
Prevent access to Delete Browsing History
Prevent access to Delete Browsing History
Prevent deleting form data
Prevent deleting form data
Prevent deleting passwords
Prevent deleting passwords
Prevent deleting cookies
Prevent deleting cookies
Prevent deleting websites that the user has visited
Prevent deleting websites that the user has visited
Prevent deleting download history
Prevent deleting download history
Prevent deleting temporary Internet files
Prevent deleting temporary Internet files
Prevent deleting InPrivate Filtering data
Prevent deleting InPrivate Filtering data
Prevent deleting ActiveX Filtering
Prevent deleting ActiveX Filtering
Prevent deleting favorites site data
Prevent deleting favorites site data
Allow deleting browsing history on exit
Allow deleting browsing history on exit
Prevent running First Run wizard
Prevent running First Run wizard
Prevent access to Internet Explorer Help
Prevent access to Internet Explorer Help
Prevent Internet Explorer Search box from appearing
Prevent Internet Explorer Search box from appearing
Turn off suggestions for all user-installed providers
Turn off suggestions for all user-installed providers
Turn off the quick pick menu
Turn off the quick pick menu
Disable Automatic Install of Internet Explorer components
Set tab process growth
Set tab process growth
Allow Internet Explorer 8 shutdown behavior
Allow Internet Explorer 8 shutdown behavior
Specify default behavior for a new tab
Specify default behavior for a new tab
Turn off Tab Grouping
Turn off Quick Tabs functionality
Turn off Quick Tabs functionality
Prevent changing the default search provider
Prevent changing the default search provider
Disable showing the splash screen
Turn off tabbed browsing
Turn off tabbed browsing
Turn off configuration of pop-up windows in tabbed browsing
Turn off configuration of pop-up windows in tabbed browsing
Disable Periodic Check for Internet Explorer software updates
Prevent configuration of how windows open
Prevent configuration of how windows open
Configure Outlook Express
Pop-up allow list
Pop-up allow list
Disable changing accessibility settings
Disable changing Automatic Configuration settings
Disable changing Automatic Configuration settings
Disable changing Temporary Internet files settings
Disable changing Calendar and Contact settings
Disable changing certificate settings
Disable changing default browser check
Notify users if Internet Explorer is not the default web browser
Disable changing color settings
Disable changing connection settings
Disable changing connection settings
Disable Internet Connection wizard
Disable changing font settings
Disable AutoComplete for forms
Turn on the auto-complete feature for user names and passwords on forms
Disable "Configuring History"
Disable "Configuring History"
Disable changing home page settings
Disable changing secondary home page settings
Disable changing secondary home page settings
Disable changing language settings
Disable changing link color settings
Disable changing Messaging settings
Prevent managing pop-up exception list
Prevent managing pop-up exception list
Turn off pop-up management
Turn off pop-up management
Disable changing Profile Assistant settings
Prevent changing proxy settings
Prevent changing proxy settings
Disable changing ratings settings
Disable the Reset Web Settings feature
Prevent the deletion of temporary Internet files and cookies
Prevent the deletion of temporary Internet files and cookies
Turn off the auto-complete feature for web addresses
Turn off the auto-complete feature for web addresses
Turn off Windows Search AutoComplete
Turn off Windows Search AutoComplete
Turn off URL Suggestions
Turn off URL Suggestions
Search: Disable Find Files via F3 within the browser
Search: Disable Search Customization
Security Zones: Use only machine settings
Security Zones: Do not allow users to change policies
Security Zones: Do not allow users to add/delete sites
Disable software update shell notifications on program launch
Restrict search providers to a specific list
Restrict search providers to a specific list
Prevent participation in the Customer Experience Improvement Program
Prevent participation in the Customer Experience Improvement Program
Prevent configuration of new tab creation
Prevent configuration of new tab creation
Make proxy settings per-machine (rather than per-user)
Allow websites to open windows without status bar or Address bar
Allow video and animation on a webpage that uses an older media player
Allow scriptlets
Allow scriptlets
Turn off first-run prompt
Include local path when user is uploading files to a server
Turn on SmartScreen Filter scan
Allow websites to prompt for information by using scripted windows
Allow updates to status bar via script
Turn on Protected Mode
Show security warning for potentially unsafe files
Allow loading of XAML Browser Applications
Allow scripting of Internet Explorer WebBrowser controls
Turn off .NET Framework Setup
Allow loading of XAML files
Allow loading of XPS files
Access data sources across domains
Allow active scripting
Allow only approved domains to use ActiveX controls without prompt
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Allow binary and script behaviors
Use Pop-up Blocker
Use Pop-up Blocker
Display mixed content
Download signed ActiveX controls
Download unsigned ActiveX controls
Allow drag and drop or copy and paste files
Render legacy filters
Allow file downloads
Allow font downloads
Allow installation of desktop items
Java permissions
Java permissions
Launching applications and files in an IFRAME
Logon options
Logon options
Enable MIME Sniffing
Enable dragging of content from different domains within a window
Enable dragging of content from different domains across windows
Navigate windows and frames across different domains
Allow active content over restricted protocols to access my computer
Do not prompt for client certificate selection when no certificates or only one certificate exists.
Automatic prompting for ActiveX controls
Automatic prompting for file downloads
Run ActiveX controls and plugins
Script ActiveX controls marked safe for scripting
Don't run antimalware programs against ActiveX controls
Initialize and script ActiveX controls not marked as safe
Scripting of Java applets
Run .NET Framework-reliant components signed with Authenticode
Software channel permissions
Submit non-encrypted form data
Turn on Cross-Site Scripting Filter
Run .NET Framework-reliant components not signed with Authenticode
Userdata persistence
Allow script-initiated windows without size or position constraints
Web sites in less privileged Web content zones can navigate into this zone
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Intranet Sites: Include all local (intranet) sites not listed in other zones
Intranet Sites: Include all local (intranet) sites not listed in other zones
Turn on certificate address mismatch warning
Turn on certificate address mismatch warning
Locked-Down Internet Zone Template
Locked-Down Internet Zone Template
Internet Zone Template
Internet Zone Template
Locked-Down Intranet Zone Template
Locked-Down Intranet Zone Template
Intranet Zone Template
Intranet Zone Template
Locked-Down Local Machine Zone Template
Locked-Down Local Machine Zone Template
Local Machine Zone Template
Local Machine Zone Template
Locked-Down Restricted Sites Zone Template
Locked-Down Restricted Sites Zone Template
Restricted Sites Zone Template
Restricted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Locked-Down Trusted Sites Zone Template
Trusted Sites Zone Template
Trusted Sites Zone Template
Intranet Sites: Include all sites that bypass the proxy server
Intranet Sites: Include all sites that bypass the proxy server
Intranet Sites: Include all network paths (UNCs)
Intranet Sites: Include all network paths (UNCs)
Site to Zone Assignment List
Site to Zone Assignment List
Turn on automatic detection of intranet
Turn on automatic detection of intranet
Turn on Notification bar notification for intranet content
Turn on Notification bar notification for intranet content
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Allow scriptlets
Allow scriptlets
Allow META REFRESH
Allow META REFRESH
Allow cut
Allow cut
Use Pop-up Blocker
Use Pop-up Blocker
Java permissions
Java permissions
Logon options
Logon options
Prevent specifying the hover color
Prevent specifying the color of links that have not yet been clicked
Prevent specifying the color of links that have already been clicked
Turn on the hover color option
File menu: Disable closing the browser and Explorer windows
File menu: Disable Save As... menu option
File menu: Disable Save As Web Page Complete
File menu: Disable New menu option
File menu: Disable Open menu option
Help menu: Remove 'Send Feedback' menu option
Help menu: Remove 'For Netscape Users' menu option
Help menu: Remove 'Tip of the Day' menu option
Help menu: Remove 'Tour' menu option
Turn off Shortcut Menu
Hide Favorites menu
Disable Open in New Window menu option
Disable Save this program to disk option
Turn off Print Menu
Turn off Print Menu
Tools menu: Disable Internet Options... menu option
View menu: Disable Full Screen menu option
View menu: Disable Source menu option
Turn off automatic image resizing
Turn off image display
Allow Internet Explorer to play media files that use alternative codecs
Allow Internet Explorer to play media files that use alternative codecs
Allow the display of image download placeholders
Turn off smart image dithering
File size limits for Local Machine zone
File size limits for Intranet zone
File size limits for Trusted Sites zone
File size limits for Internet zone
File size limits for Restricted Sites zone
Turn on printing of background colors and images
Turn off background synchronization for feeds and Web Slices
Turn off background synchronization for feeds and Web Slices
Prevent downloading of enclosures
Prevent downloading of enclosures
Prevent subscribing to or deleting a feed or a Web Slice
Prevent subscribing to or deleting a feed or a Web Slice
Prevent automatic discovery of feeds and Web Slices
Prevent automatic discovery of feeds and Web Slices
Prevent access to feed list
Prevent access to feed list
Turn on Basic feed authentication over HTTP
Turn on Basic feed authentication over HTTP
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in any process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Bypass prompting for Clipboard access for scripts running in the Internet Explorer process
Define applications and processes that can access the Clipboard without prompting
Define applications and processes that can access the Clipboard without prompting
Prevent configuration of search on Address bar
Prevent configuration of search on Address bar
Prevent configuration of top-result search on Address bar
Prevent configuration of top-result search on Address bar
Allow native XMLHTTP support
Allow native XMLHTTP support
Turn off Data URI support
Turn off Data URI support
Turn off Data Execution Prevention
Do not display the reveal password button
Do not display the reveal password button
Change the maximum number of connections per host (HTTP 1.1)
Change the maximum number of connections per host (HTTP 1.1)
Maximum number of connections per server (HTTP 1.0)
Maximum number of connections per server (HTTP 1.0)
Turn off cross-document messaging
Turn off cross-document messaging
Turn off the XDomainRequest object
Turn off the XDomainRequest object
Turn off the WebSocket Object
Turn off the WebSocket Object
Set the maximum number of WebSocket connections per server
Set the maximum number of WebSocket connections per server
Turn on automatic signup
Turn off toolbar upgrade tool
Turn off toolbar upgrade tool
Turn off Developer Tools
Turn off Developer Tools
Disable customizing browser toolbars
Disable customizing browser toolbar buttons
Configure Toolbar Buttons
Hide the Command bar
Hide the Command bar
Hide the status bar
Hide the status bar
Lock all toolbars
Lock all toolbars
Lock location of Stop and Refresh buttons
Lock location of Stop and Refresh buttons
Customize command labels
Customize command labels
Use large icons for command buttons
Use large icons for command buttons
Display tabs on a separate row
Display tabs on a separate row
Prevent specifying the update check interval (in days)
Prevent changing the URL for checking updates to Internet Explorer and Internet Tools
Turn off ActiveX Opt-In prompt
Turn off ActiveX Opt-In prompt
Prevent per-user installation of ActiveX controls
Prevent per-user installation of ActiveX controls
Specify use of ActiveX Installer Service for installation of ActiveX controls
Specify use of ActiveX Installer Service for installation of ActiveX controls
Turn on Suggested Sites
Turn on Suggested Sites
Turn off InPrivate Browsing
Turn off InPrivate Browsing
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts
Turn off collection of InPrivate Filtering data
Turn off collection of InPrivate Filtering data
Establish InPrivate Filtering threshold
Establish InPrivate Filtering threshold
Turn off InPrivate Filtering
Turn off InPrivate Filtering
Establish Tracking Protection threshold
Establish Tracking Protection threshold
Turn off Tracking Protection
Turn off Tracking Protection
Add non-default Accelerators
Add non-default Accelerators
Add default Accelerators
Add default Accelerators
Turn off Accelerators
Turn off Accelerators
Restrict Accelerators to those deployed through Group Policy
Restrict Accelerators to those deployed through Group Policy
Turn on Internet Explorer 7 Standards Mode
Turn on Internet Explorer 7 Standards Mode
Turn off Compatibility View
Turn off Compatibility View
Turn on Internet Explorer Standards Mode for local intranet
Turn on Internet Explorer Standards Mode for local intranet
Turn off Compatibility View button
Turn off Compatibility View button
Use Policy List of Internet Explorer 7 sites
Use Policy List of Internet Explorer 7 sites
Use Policy List of Quirks Mode sites
Use Policy List of Quirks Mode sites
Include updated website lists from Microsoft
Include updated website lists from Microsoft
Turn off ability to pin sites in Internet Explorer on the desktop
Turn off ability to pin sites in Internet Explorer on the desktop
Set default storage limits for websites
Set default storage limits for websites
Allow websites to store indexed databases on client computers
Allow websites to store indexed databases on client computers
Set indexed database storage limits for individual domains
Set indexed database storage limits for individual domains
Set maximum indexed database storage limit for all domains
Set maximum indexed database storage limit for all domains
Allow websites to store application caches on client computers
Allow websites to store application caches on client computers
Set application cache storage limits for individual domains
Set application cache storage limits for individual domains
Set maximum application caches storage limit for all domains
Set maximum application caches storage limit for all domains
Set application caches expiration time limit for individual domains
Set application caches expiration time limit for individual domains
Set maximum application cache resource list size
Set maximum application cache resource list size
Set maximum application cache individual resource size
Set maximum application cache individual resource size
Start Internet Explorer with tabs from last browsing session
Start Internet Explorer with tabs from last browsing session
Open Internet Explorer tiles on the desktop
Open Internet Explorer tiles on the desktop
Set how links are opened in Internet Explorer
Set how links are opened in Internet Explorer
Install new versions of Internet Explorer automatically
Turn off handwriting recognition error reporting
Turn off handwriting recognition error reporting
Do not allow manual configuration of iSNS servers
Do not allow manual configuration of target portals
Do not allow manual configuration of discovered targets
Do not allow adding new targets via manual configuration
Do not allow changes to initiator iqn name
Do not allow additional session logins
Do not allow changes to initiator CHAP secret
Do not allow connections without IPSec
Do not allow sessions without mutual CHAP
Do not allow sessions without one way CHAP
Provide information about previous logons to client computers
Use forest search order
KDC support for claims
Warning for large Kerberos tickets
Define host name-to-Kerberos realm mappings
Define interoperable Kerberos V5 realm settings
Require strict KDC validation
Use forest search order
Require strict target SPN match on remote procedure calls
Specify KDC proxy servers for Kerberos clients
Disable revocation checking for the SSL certificate of KDC proxy servers
Fail authentication requests when Kerberos armoring is not available
Support compound authentication
Set maximum Kerberos SSPI context token buffer size
Kerberos client support for claims
Hash Publication for BranchCache
Hash Version support for BranchCache
Turn on Mapper I/O (LLTDIO) driver
Turn on Responder (RSPNDR) driver
Turn off Windows Location Provider
Do not process the legacy run list
Do not process the legacy run list
Do not process the run once list
Do not process the run once list
Always use classic logon
Do not display the Getting Started welcome screen at logon
Run these programs at user logon
Run these programs at user logon
Always wait for the network at computer startup and logon
Remove Boot / Shutdown / Logon / Logoff status messages
Do not display the Getting Started welcome screen at logon
Display highly detailed status messages
Hide entry points for Fast User Switching
Turn off Windows Startup sound
Show first sign-in animation
Always use custom logon background
Do not enumerate connected users on domain-joined computers
Enumerate local users on domain-joined computers
Turn off app notifications on the lock screen
Do not allow Windows Media Center to run
Do not allow Windows Media Center to run
Restrict the user from entering author mode
Restrict users to the explicitly permitted list of snap-ins
Extended View (Web View)
ActiveX Control
Link to Web Address
AppleTalk Routing
Authorization Manager
Certification Authority Policy Settings
Connection Sharing (NAT)
DCOM Configuration Extension
Device Manager
DHCP Relay Management
Enterprise PKI
Event Viewer
Event Viewer (Windows Vista)
IAS Logging
IGMP Routing
IP Routing
IPX RIP Routing
IPX Routing
IPX SAP Routing
Logical and Mapped Drives
Online Responder
OSPF Routing
Public Key Policies
RAS Dialin - User Node
Remote Access
Removable Storage
RIP Routing
Routing
Send Console Message
Service Dependencies
Shared Folders Ext
SMTP Protocol
SNMP
System Properties
Group Policy Management
Group Policy Object Editor
Group Policy tab for Active Directory Tools
Resultant Set of Policy snap-in
Administrative Templates (Computers)
Administrative Templates (Users)
Folder Redirection
Internet Explorer Maintenance
IP Security Policy Management
Windows Firewall with Advanced Security
NAP Client Configuration
Remote Installation Services
Scripts (Startup/Shutdown)
Scripts (Logon/Logoff)
Security Settings
Software Installation (Computers)
Software Installation (Users)
Wired Network (IEEE 802.3) Policies
Wireless Network (IEEE 802.11) Policies
Administrative Templates (Computers)
Administrative Templates (Users)
Folder Redirection
Internet Explorer Maintenance
Scripts (Startup/Shutdown)
Scripts (Logon/Logoff)
Security Settings
Software Installation (Computers)
Software Installation (Users)
Active Directory Domains and Trusts
Active Directory Sites and Services
Active Directory Users and Computers
ADSI Edit
Certification Authority
Certificates
Certificate Templates
Component Services
Computer Management
Device Manager
Distributed File System
Disk Defragmenter
Disk Management
Event Viewer
Event Viewer (Windows Vista)
Failover Clusters Manager
FAX Service
FrontPage Server Extensions
Health Registration Authority (HRA)
Internet Authentication Service (IAS)
Internet Information Services
Indexing Service
IP Security Policy Management
IP Security Monitor
Local Users and Groups
NAP Client Configuration
.Net Framework Configuration
Network Policy Server (NPS)
Performance Logs and Alerts
QoS Admission Control
Remote Desktops
Routing and Remote Access
Removable Storage Management
Security Configuration and Analysis
Security Templates
Server Manager
Services
Shared Folders
System Information
Telephony
Remote Desktop Services Configuration
TPM Management
Windows Firewall with Advanced Security
Wireless Monitor
WMI Control
Group Policy Starter GPO Editor
Group Policy Management Editor
Storage Manager for SANs
Storage Manager for SANS Extension
Disk Management Extension
Share and Storage Management
Share and Storage Management Extension
DFS Management
DFS Management Extension
File Server Resource Manager
File Server Resource Manager Extension
Turn off Windows Mobility Center
Turn off Windows Mobility Center
Turn off Windows presentation settings
Turn off Windows presentation settings
Automatic Maintenance Activation Boundary
Automatic Maintenance Random Delay
Automatic Maintenance WakeUp Policy
Microsoft Support Diagnostic Tool: Configure execution level
Microsoft Support Diagnostic Tool: Restrict tool download
Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider
Configure MSI Corrupted File Recovery behavior
Allow users to browse for source while elevated
Allow users to use media source while elevated
Allow users to patch elevated products
Always install with elevated privileges
Always install with elevated privileges
Prohibit use of Restart Manager
Remove browse dialog box for new source
Prohibit flyweight patching
Turn off logging via package settings
Prevent removable media source for any installation
Turn off Windows Installer
Prevent users from using Windows Installer to install updates and upgrades
Prohibit rollback
Prohibit rollback
Allow user control over installs
Prohibit non-administrators from applying vendor signed updates
Prohibit removal of updates
Turn off creation of System Restore checkpoints
Prohibit User Installs
Enforce upgrade component rules
Control maximum size of baseline file cache
Specify the types of events Windows Installer records in its transaction log
Prevent Internet Explorer security prompt for Windows Installer scripts
Specify the order in which Windows Installer searches for installation files
Save copies of transform files in a secure location on workstation
Turn off shared components
Prevent embedded UI
Allow the Network Access Protection client to support the 802.1x Enforcement Client component
Support Email Address
Friendly Name
User Interface
Prefer Local Names Allowed
DirectAccess Passive Mode
Corporate Resources
IPsec Tunnel Endpoints
Custom Commands
Specify corporate Website probe URL
Specify corporate DNS probe host name
Specify corporate DNS probe host address
Specify corporate site prefix list
Specify domain location determination URL
Specify passive polling
Contact PDC on logon failure
Use initial DC discovery retry setting for background callers
Use maximum DC discovery retry interval setting for background callers
Use final DC discovery retry setting for background callers
Use positive periodic DC cache refresh for background callers
Specify log file debug output level
Specify expected dial-up delay on logon
Specify maximum log file size
Specify negative DC Discovery cache setting
Set Netlogon share compatibility
Specify positive periodic DC Cache refresh for non-background callers
Set scavenge interval
Specify site name
Set SYSVOL share compatibility
Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC
Use DNS name resolution when a single-label domain name is used
Use automated site coverage by the DC Locator DNS SRV Records
Specify DC Locator DNS records not registered by the DCs
Specify Refresh Interval of the DC Locator DNS records
Set TTL in the DC Locator DNS Records
Specify sites covered by the GC Locator DNS SRV Records
Set Priority in the DC Locator DNS SRV records
Set Weight in the DC Locator DNS SRV records
Specify sites covered by the application directory partition DC Locator DNS SRV records
Specify sites covered by the DC Locator DNS SRV records
Specify dynamic registration of the DC Locator DNS Records
Try Next Closest Site
Force Rediscovery Interval
Return domain controller address type
Allow cryptography algorithms compatible with Windows NT 4.0
Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names
Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails
Specify address lookup behavior for DC locator ping
Use urgent mode when pinging domain controllers
Prohibit adding and removing components for a LAN or remote access connection
Prohibit access to the Advanced Settings item on the Advanced menu
Prohibit TCP/IP advanced configuration
Prohibit installation and configuration of Network Bridge on your DNS domain network
Prohibit Enabling/Disabling components of a LAN connection
Ability to delete all user remote access connections
Prohibit deletion of remote access connections
Prohibit access to the Remote Access Preferences item on the Advanced menu
Enable Windows 2000 Network Connections settings for Administrators
Turn off notifications when a connection has only limited or no connectivity
Prohibit access to properties of components of a LAN connection
Ability to Enable/Disable a LAN connection
Prohibit access to properties of a LAN connection
Prohibit access to the New Connection Wizard
Prohibit use of Internet Connection Firewall on your DNS domain network
Ability to change properties of an all user remote access connection
Prohibit access to properties of components of a remote access connection
Prohibit connecting and disconnecting a remote access connection
Prohibit changing properties of a private remote access connection
Ability to rename all user remote access connections
Ability to rename LAN connections or remote access connections available to all users
Ability to rename LAN connections
Prohibit renaming private remote access connections
Prohibit use of Internet Connection Sharing on your DNS domain network
Prohibit viewing of status for an active connection
Require domain users to elevate when setting a network's location
Do not show the "local access only" network icon
Route all traffic through the internal network
Internet proxy servers for apps
Intranet proxy servers for apps
Private network ranges for apps
Proxy definitions are authoritative
Subnet definitions are authoritative
Turn off Connect to a Network Projector
Turn off Connect to a Network Projector
Network Projector Port Setting
Subfolders always available offline
Specify administratively assigned Offline Files
Specify administratively assigned Offline Files
Non-default server disconnect actions
Non-default server disconnect actions
Default cache size
Allow or Disallow use of the Offline Files feature
Encrypt the Offline Files cache
Event logging level
Event logging level
Files not cached
Action on server disconnect
Action on server disconnect
Prevent use of Offline Files folder
Prevent use of Offline Files folder
Prohibit user configuration of Offline Files
Prohibit user configuration of Offline Files
Remove "Make Available Offline" command
Remove "Make Available Offline" command
Remove "Make Available Offline" for these files and folders
Remove "Make Available Offline" for these files and folders
Turn off reminder balloons
Turn off reminder balloons
At logoff
Reminder balloon frequency
Reminder balloon frequency
Initial reminder balloon lifetime
Initial reminder balloon lifetime
Reminder balloon lifetime
Reminder balloon lifetime
Configure Slow link speed
Synchronize all offline files before logging off
Synchronize all offline files before logging off
Synchronize all offline files when logging on
Synchronize all offline files when logging on
Synchronize offline files before suspend
Synchronize offline files before suspend
Turn on economical application of administratively assigned Offline Files
Configure slow-link mode
Limit disk space used by Offline Files
Configure Background Sync
Enable Transparent Caching
Enable file screens
Remove "Work offline" command
Remove "Work offline" command
Enable file synchronization on costed networks
Turn off Microsoft Peer-to-Peer Networking Services
Turn off Multicast Bootstrap
Turn off PNRP cloud creation
Set PNRP cloud to resolve only
Set the Seed Server
Set the Seed Server
Set the Seed Server
Disable password strength validation for Peer Grouping
Make Family Safety control panel visible on a Domain
Detect compatibility issues for applications and drivers
Detect application install failures
Detect applications unable to launch installers under UAC
Detect application failures caused by deprecated Windows DLLs
Detect application failures caused by deprecated COM objects
Detect application installers that need to be run as administrator
Notify blocked drivers
Turn on BranchCache
Set percentage of disk space used for client computer cache
Set BranchCache Hosted Cache mode
Set BranchCache Distributed Cache mode
Configure BranchCache for network files
Enable Automatic Hosted Cache Discovery by Service Connection Point
Configure Client BranchCache Version Support
Configure Hosted Cache Servers
Set age for segments in the data cache
Turn off Tablet PC Pen Training
Turn off Tablet PC Pen Training
Enable/Disable PerfTrack
Critical battery notification action
Low battery notification action
Critical battery notification level
Low battery notification level
Turn off low battery user notification
Select the Power button action (plugged in)
Select the Sleep button action (plugged in)
Select the lid switch action (plugged in)
Select the Start menu Power button action (plugged in)
Select the Power button action (on battery)
Select the Sleep button action (on battery)
Select the lid switch action (on battery)
Select the Start menu Power button action (on battery)
Turn Off the hard disk (plugged in)
Turn Off the hard disk (on battery)
Specify a custom active power plan
Select an active power plan
Prompt for password on resume from hibernate/suspend
Turn on the ability for applications to prevent sleep transitions (plugged in)
Specify the system hibernate timeout (plugged in)
Require a password when a computer wakes (plugged in)
Specify the system sleep timeout (plugged in)
Turn off hybrid sleep (plugged in)
Turn on the ability for applications to prevent sleep transitions (on battery)
Specify the system hibernate timeout (on battery)
Require a password when a computer wakes (on battery)
Specify the system sleep timeout (on battery)
Turn off hybrid sleep (on battery)
Turn off adaptive display timeout (plugged in)
Turn off adaptive display timeout (on battery)
Turn off the display (plugged in)
Turn off the display (on battery)
Allow standby states (S1-S3) when sleeping (plugged in)
Allow standby states (S1-S3) when sleeping (on battery)
Do not turn off system power after a Windows system shutdown has occurred.
Allow automatic sleep with Open Network Files (plugged in)
Allow automatic sleep with Open Network Files (on battery)
Reduce display brightness (plugged in)
Reduce display brightness (on battery)
Specify the display dim brightness (plugged in)
Specify the display dim brightness (on battery)
Turn on desktop background slideshow (plugged in)
Turn on desktop background slideshow (on battery)
Specify the unattended sleep timeout (plugged in)
Specify the unattended sleep timeout (on battery)
Allow applications to prevent automatic sleep (plugged in)
Allow applications to prevent automatic sleep (on battery)
Reserve battery notification level
Turn on Script Execution
Turn on Script Execution
Turn on Module Logging
Turn on Module Logging
Set the default source path for Update-Help
Set the default source path for Update-Help
Prevent restoring previous versions from backups
Prevent restoring previous versions from backups
Hide previous versions list for local files
Hide previous versions list for local files
Prevent restoring local previous versions
Prevent restoring local previous versions
Hide previous versions list for remote files
Hide previous versions list for remote files
Prevent restoring remote previous versions
Prevent restoring remote previous versions
Hide previous versions of files on backup location
Hide previous versions of files on backup location
Activate Internet printing
Isolate print drivers from applications
Custom support URL in the Printers folder's left pane
Add Printer wizard - Network scan page (Managed network)
Browse the network to find printers
Always render print jobs on the server
Always rasterize content to be printed using a software rasterizer
Browse a common web site to find printers
Disallow installation of printers using kernel-mode drivers
Prevent addition of printers
Prevent deletion of printers
Add Printer wizard - Network scan page (Unmanaged network)
Only use Package Point and print
Package Point and print - Approved servers
Only use Package Point and print
Package Point and print - Approved servers
Computer location
Pre-populate printer search location text
Point and Print Restrictions
Point and Print Restrictions
Default Active Directory path when searching for printers
Printer browsing
Execute print drivers in isolated processes
Override print driver execution compatibility setting reported by print driver
Extend Point and Print connection to search Windows Update
Do not allow v4 printer drivers to show printer extensions
Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps)
Allow Print Spooler to accept client connections
Automatically publish new printers in Active Directory
Prune printers that are not automatically republished
Directory pruning interval
Directory pruning priority
Directory pruning retry
Log directory pruning retry events
Allow printers to be published
Check published state
Allow pruning of published printers
Hide the Programs Control Panel
Hide "Programs and Features" page
Hide "Installed Updates" page
Hide "Set Program Access and Computer Defaults" page
Hide "Windows Marketplace"
Hide "Get Programs" page
Hide "Windows Features"
Turn on extensive logging for Password Synchronization
Set the number of synchronization retries for servers running Password Synchronization
Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory
Set the interval between synchronization retries for Password Synchronization
Best effort service type
Controlled load service type
Guaranteed service type
Network control service type
Qualitative service type
Limit outstanding packets
Limit reservable bandwidth
Set timer resolution
Non-conforming packets
Configure Reliability WMI Providers
Allow restore of system to default state
Enable Persistent Time Stamp
Report unplanned shutdown events
Activate Shutdown Event Tracker System State Data feature
Display Shutdown Event Tracker
Turn on session logging
Allow only Windows Vista or later connections
Turn on bandwidth optimization
Customize warning messages
Configure Solicited Remote Assistance
Configure Offer Remote Assistance
Set time (in seconds) to force reboot
Set time (in seconds) to force reboot
CD and DVD: Deny read access
CD and DVD: Deny read access
CD and DVD: Deny write access
CD and DVD: Deny write access
CD and DVD: Deny execute access
Custom Classes: Deny read access
Custom Classes: Deny read access
Custom Classes: Deny write access
Custom Classes: Deny write access
Floppy Drives: Deny read access
Floppy Drives: Deny read access
Floppy Drives: Deny write access
Floppy Drives: Deny write access
Floppy Drives: Deny execute access
Removable Disks: Deny read access
Removable Disks: Deny read access
Removable Disks: Deny write access
Removable Disks: Deny write access
Removable Disks: Deny execute access
All Removable Storage classes: Deny all access
All Removable Storage classes: Deny all access
Tape Drives: Deny read access
Tape Drives: Deny read access
Tape Drives: Deny write access
Tape Drives: Deny write access
Tape Drives: Deny execute access
WPD Devices: Deny read access
WPD Devices: Deny read access
WPD Devices: Deny write access
WPD Devices: Deny write access
All Removable Storage: Allow direct access in remote sessions
Enable RPC Endpoint Mapper Client Authentication
Propagate extended error information
Set Minimum Idle Connection Timeout for RPC/HTTP connections
Restrict Unauthenticated RPC clients
Maintain RPC Troubleshooting State Information
Specify maximum wait time for Group Policy scripts
Run legacy logon scripts hidden
Display instructions in logoff scripts as they run
Run logon scripts synchronously
Run logon scripts synchronously
Display instructions in logon scripts as they run
Run Windows PowerShell scripts first at computer startup
Run Windows PowerShell scripts first at user logon
Run Windows PowerShell scripts first at user logon
Display instructions in shutdown scripts as they run
Run startup scripts asynchronously
Display instructions in startup scripts as they run
Allow logon scripts when NetBIOS or WINS is disabled
Configure Security Policy for Scripted Diagnostics
Troubleshooting: Allow users to access and run Troubleshooting Wizards
Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)
Configure Scheduled Maintenance Behavior
Prevent adding UNC locations to index from Control Panel
Prevent adding UNC locations to index from Control Panel
Allow indexing of encrypted files
Disable indexer backoff
Prevent clients from querying the index remotely
Prevent indexing when running on battery power to conserve energy
Prevent customization of indexed locations in Control Panel
Prevent customization of indexed locations in Control Panel
Allow use of diacritics
Always use automatic language detection when indexing content and properties
Disable indexing of removable drives
Don't search the web or display web results in Search
Don't search the web or display web results in Search over metered connections
Set what information is shared in Search
Set the SafeSearch setting for Search
Prevent automatically adding shared folders to the Windows Search index
Prevent adding user-specified locations to the All Locations menu
Prevent the display of advanced indexing options for Windows Search in the Control Panel
Prevent indexing files in offline files cache
Enable indexing uncached Exchange folders
Enable indexing of online delegate mailboxes
Enable throttling for online mail indexing
Prevent indexing Microsoft Office Outlook
Prevent indexing e-mail attachments
Control rich previews for attachments
Prevent indexing public folders
Indexer data location
Add primary intranet search location
Add secondary intranet search locations
Preview pane location
Set large or small icon view in desktop search results
Stop indexing in the event of limited hard drive space
Prevent unwanted iFilters and protocol handlers
Do not allow web search
Prevent indexing certain paths
Prevent indexing certain paths
Default indexed paths
Default indexed paths
Default excluded paths
Default excluded paths
Prevent indexing of certain file types
Turn off storage and display of search history
Select OCR languages from a code page
Force TIFF IFilter to perform OCR for every page in a TIFF document
Turn on Security Center (Domain PCs only)
Turn off sensors
Turn off sensors
Turn off location
Turn off location
Turn off location scripting
Turn off location scripting
Do not display Server Manager automatically at logon
Configure the refresh interval for Server Manager
Do not display Initial Configuration Tasks window automatically at logon
Do not display Manage Your Server page at logon
Specify settings for optional component installation and component repair
Do not sync
Do not sync app settings
Do not sync passwords
Do not sync personalize
Do not sync Apps
Do not sync other Windows settings
Do not sync desktop personalization
Do not sync browser settings
Do not sync on metered connections
Do not sync start settings
Specify Windows Service Pack installation file location
Specify Windows installation file location
Turn off handwriting personalization data sharing
Turn off handwriting personalization data sharing
Allow DFS roots to be published
Allow shared folders to be published
Prevent users from sharing files within their profile.
Prevent the computer from joining a homegroup
Prevent access to the command prompt
Prevent access to registry editing tools
Run only specified Windows applications
Don't run specified Windows applications
Do not display the Welcome Center at user logon
Turn off desktop gadgets
Turn off desktop gadgets
Restrict unpacking and installation of gadgets that are not digitally signed.
Restrict unpacking and installation of gadgets that are not digitally signed.
Turn Off user-installed desktop gadgets
Turn Off user-installed desktop gadgets

Allow certificates with no extended key usage certificate attribute
Allow Integrated Unblock screen to be displayed at the time of logon
Filter duplicate logon certificates
Force the reading of all certificates from the smart card
Allow signature keys valid for Logon
Allow time invalid certificates
Turn on certificate propagation from smart card
Configure root certificate clean up
Turn on root certificate propagation from smart card
Display string when smart card is blocked
Reverse the subject name stored in a certificate when displaying
Prevent plaintext PINs from being returned by Credential Manager
Allow user name hint
Turn on Smart Card Plug and Play service
Notify user of successful smart card driver installation
Allow ECC certificates to be used for logon and authentication
Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS
Set the map update interval for NIS subordinate servers
Specify communities
Specify permitted managers
Specify traps for public community
Do not allow Sound Recorder to run
Do not allow Sound Recorder to run
File Classification Infrastructure: Display Classification tab in File Explorer
File Classification Infrastructure: Specify classification properties list
Customize message for Access Denied errors
Enable access-denied assistance on client for all file types
Clear the recent programs list for new users
Remove Games link from Start Menu
Remove Search Computer link
Remove See More Results / Search Everywhere link
Add Search Internet link to Start Menu
Do not search for files
Do not search Internet
Do not search programs and Control Panel items
Do not search communications
Remove user folder link from Start Menu
Add the Run command to the Start Menu
Show QuickLaunch on Taskbar
Clear history of recently opened documents on exit
Add Logoff to the Start Menu
Gray unavailable Windows Installer programs Start Menu shortcuts
Turn off personalized menus
Lock the Taskbar
Add "Run in Separate Memory Space" check box to Run dialog box
Turn off notification area cleanup
Remove Balloon Tips on Start Menu items
Prevent users from customizing their Start Screen
Clear history of tile notifications on exit
Pin Apps to Start when installed
Pin Apps to Start when installed
Start Screen Layout
Start Screen Layout
Remove and prevent access to the Shut Down
Remove common program groups from Start Menu
Remove Favorites menu from Start Menu
Remove Search link from Start Menu
Remove frequent programs list from the Start Menu
Remove Help menu from Start Menu
Turn off user tracking
Remove All Programs list from the Start menu
Remove Network Connections from Start Menu
Remove pinned programs list from the Start Menu
Do not keep history of recently opened documents
Remove Recent Items menu from Start Menu
Do not use the search-based method when resolving shell shortcuts
Do not use the tracking-based method when resolving shell shortcuts
Remove Run menu from Start Menu
Remove programs on Settings menu
Prevent changes to Taskbar and Start Menu Settings
Remove Default Programs link from the Start menu.
Remove Documents icon from Start Menu
Remove Music icon from Start Menu
Remove Network icon from Start Menu
Remove Pictures icon from Start Menu
Remove user's folders from the Start Menu
Force classic Start Menu
Remove Clock from the system notification area
Prevent grouping of taskbar items
Do not display any custom toolbars in the taskbar
Remove access to the context menus for the taskbar
Hide the notification area
Remove user name from Start Menu
Remove links and access to Windows Update
Remove the "Undock PC" button from the Start Menu
Remove Logoff on the Start Menu
Remove Homegroup link from Start Menu
Remove Downloads link from Start Menu
Remove Recorded TV link from Start Menu
Remove Videos link from Start Menu
Prevent users from uninstalling applications from Start
Change Start Menu power button
Show "Run as different user" command on Start
Default
Default app
Default search
Sort
Multimon
Turn off Configuration
Turn off System Restore
Turn off AutoComplete integration with Input Panel
Turn off AutoComplete integration with Input Panel
Prevent Input Panel tab from appearing
Prevent Input Panel tab from appearing
For tablet pen input
For tablet pen input
For touch input
For touch input
Turn off password security in Input Panel
Turn off password security in Input Panel
Include rarely used Chinese
Include rarely used Chinese
Turn off tolerant and Z-shaped scratch-out gestures
Disable text prediction
Disable text prediction
Do not allow Inkball to run
Do not allow Inkball to run
Do not allow Windows Journal to be run
Do not allow Windows Journal to be run
Do not allow printing to Journal Note Writer
Do not allow printing to Journal Note Writer
Do not allow Snipping Tool to run
Do not allow Snipping Tool to run
Turn off pen feedback
Turn off pen feedback
Prevent Back-ESC mapping
Prevent Back-ESC mapping
Prevent launch an application
Prevent launch an application
Prevent press and hold
Prevent press and hold
Turn off hardware buttons
Turn off hardware buttons
Prevent Flicks Learning Mode
Prevent Flicks Learning Mode
Prevent flicks
Prevent flicks
Remove the battery meter
Remove the networking icon
Remove the volume control icon
Remove the Action Center icon
Lock all taskbar settings
Prevent users from adding or removing toolbars
Prevent users from rearranging toolbars
Turn off all balloon notifications
Prevent users from moving taskbar to another screen dock location
Prevent users from resizing the taskbar
Turn off taskbar thumbnails
Remove pinned programs from the Taskbar
Turn off automatic promotion of notification icons to the taskbar
Turn off feature advertisement balloon notifications
Do not display or track items in Jump Lists from remote locations
Do not allow pinning programs to the Taskbar
Do not allow pinning items in Jump Lists
Do not allow taskbars on more than one display
Prohibit Browse
Prohibit Browse
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
Prohibit Drag-and-Drop
Prohibit Drag-and-Drop
Prevent Task Run or End
Prevent Task Run or End
Hide Property Pages
Hide Property Pages
Prohibit New Task Creation
Prohibit New Task Creation
Prohibit Task Deletion
Prohibit Task Deletion
Set ISATAP State
Set ISATAP Router Name
Set 6to4 State
Set 6to4 Relay Name
Set 6to4 Relay Name Resolution Interval
Set Teredo State
Set Teredo Server Name
Set Teredo Refresh Rate
Set Teredo Client Port
Set Teredo Default Qualified
Set IP-HTTPS State
Set Window Scaling Heuristics State
Set IP Stateless Autoconfiguration Limits State
Allow time zone redirection
Do not allow Clipboard redirection
Remove remote desktop wallpaper
Always show desktop on connection
Allow remote start of unlisted programs
Allow desktop composition for remote desktop sessions
Use RD Connection Broker load balancing
Redirect only the default client printer
Redirect only the default client printer
Set time limit for logoff of RemoteApp sessions
Set time limit for logoff of RemoteApp sessions
Do not allow font smoothing
Select the network adapter to be used for Remote Desktop IP Virtualization
Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
Turn off Fair Share CPU Scheduling
Turn off Windows Installer RDS Compatibility
Turn on Remote Desktop IP Virtualization
Use the hardware default graphics adapter for all Remote Desktop Services sessions
Configure image quality for RemoteFX Adaptive Graphics
Configure RemoteFX Adaptive Graphics
Set remote control session UAC desktop
Select network detection on the server
Select RDP transport protocols
Enable connection through RD Gateway
Set RD Gateway server address
Automatic reconnection
Limit maximum color depth
Limit number of monitors
Allow users to connect remotely by using Remote Desktop Services
Limit maximum display resolution
Enforce Removal of Remote Desktop Wallpaper
Deny logoff of an administrator logged in to the console session
Configure keep-alive connection interval
Use the specified Remote Desktop license servers
Hide notifications about RD Licensing problems that affect the RD Session Host server
Set the Remote Desktop licensing mode
Limit number of connections
Remove "Disconnect" option from Shut Down dialog
Remove Windows Security item from Start menu
Suspend user sign-in to complete app registration
Set rules for remote control of Remote Desktop Services user sessions
Set rules for remote control of Remote Desktop Services user sessions
Set remote control session UAC desktop
Set remote control permission request timeout
Use advanced RemoteFX graphics for RemoteApp
Restrict Remote Desktop Services users to a single Remote Desktop Services session
Start a program on connection
Start a program on connection
Do not allow local administrators to customize permissions
Always show desktop on connection
Set Remote Desktop Services User Home Directory
Set path for Remote Desktop Services Roaming User Profile
Use mandatory profiles on the RD Session Host server
Limit the size of the entire roaming user profile cache
License server security group
Prevent license upgrade
Allow audio and video playback redirection
Limit audio playback quality
Allow audio recording redirection
Do not allow Clipboard redirection
Do not allow COM port redirection
Do not set default client printer to be default printer in a session
Use Remote Desktop Easy Print printer driver first
Use Remote Desktop Easy Print printer driver first
Do not allow drive redirection
Do not allow LPT port redirection
Do not allow supported Plug and Play device redirection
Do not allow client printer redirection
Specify RD Session Host server fallback printer driver behavior
Do not allow smart card device redirection
Allow time zone redirection
Require secure RPC communication
Join RD Connection Broker
Configure RD Connection Broker farm name
Use IP Address Redirection
Configure RD Connection Broker server name
End session when time limits are reached
End session when time limits are reached
Set time limit for disconnected sessions
Set time limit for disconnected sessions
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active but idle Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Set time limit for active Remote Desktop Services sessions
Do not delete temp folders upon exit
Do not use temporary folders per session
Allow .rdp files from unknown publishers
Allow .rdp files from unknown publishers
Allow .rdp files from valid publishers and user's default .rdp settings
Allow .rdp files from valid publishers and user's default .rdp settings
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
Prompt for credentials on the client computer
Configure server authentication for client
Configure image quality for RemoteFX Adaptive Graphics
Configure RemoteFX Adaptive Graphics
Configure compression for RemoteFX data
Enable Remote Desktop Protocol 8.0
Optimize visual experience for Remote Desktop Service Sessions
Allow RDP redirection of other supported RemoteFX USB devices from this computer
Configure RemoteFX
Optimize visual experience when using RemoteFX
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
Specify default connection URL
Select network detection on the server
Select RDP transport protocols
Configure the level of TPM owner authorization information available to the operating system
Configure the list of blocked TPM commands
Ignore the default list of blocked TPM commands
Ignore the local list of blocked TPM commands
Standard User Lockout Duration
Standard User Individual Lockout Threshold
Standard User Total Lockout Threshold
Add the Administrators security group to roaming user profiles
Do not check for user ownership of Roaming Profile Folders
Connect home directory to root of the share
Delete cached copies of roaming profiles
Disable detection of slow network connections
Prompt user when a slow network connection is detected
Exclude directories in roaming profile
Leave Windows Installer and Group Policy Software Installation Data
Limit profile size
Only allow local user profiles
Establish timeout value for dialog boxes
Do not log users on with temporary profiles
Maximum retries to unload and update user profile
Prevent Roaming Profile changes from propagating to the server
Wait for remote user profile
Control slow network connection timeout for user profiles
Delete user profiles older than a specified number of days on system restart
Specify network directories to sync at logon/logoff time only
Do not forcefully unload the users registry at user logoff
Set maximum wait time for the network if a user has a roaming user profile or remote home directory
Set roaming profile path for all users logging onto this computer
Set the schedule for background upload of a roaming user profile's registry file while user is logged on
User management of sharing user name
Download roaming profiles on primary computers only
Set user home folder
Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista)
Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista)
Choose default folder for recovery password
Choose drive encryption method and cipher strength (Windows Vista
Choose drive encryption method and cipher strength
Prevent memory overwrite on restart
Allow enhanced PINs for startup
Configure use of passwords for operating system drives
Reset platform validation data after BitLocker recovery
Disallow standard users from changing the PIN or password
Provide the unique identifiers for your organization
Validate smart card certificate usage rule compliance
Use enhanced Boot Configuration Data validation profile
Choose how BitLocker-protected operating system drives can be recovered
Enforce drive encryption type on operating system drives
Require additional authentication at startup (Windows Server 2008 and Windows Vista)
Require additional authentication at startup
Allow network unlock at startup
Configure TPM platform validation profile (Windows Vista
Configure TPM platform validation profile for BIOS-based firmware configurations
Configure TPM platform validation profile for native UEFI firmware configurations
Configure minimum PIN length for startup
Configure use of hardware-based encryption for operating system drives
Enable use of BitLocker authentication requiring preboot keyboard input on slates
Allow Secure Boot for integrity validation
Choose how BitLocker-protected fixed drives can be recovered
Configure use of passwords for fixed data drives
Deny write access to fixed drives not protected by BitLocker
Allow access to BitLocker-protected fixed data drives from earlier versions of Windows
Configure use of smart cards on fixed data drives
Enforce drive encryption type on fixed data drives
Configure use of hardware-based encryption for fixed data drives
Choose how BitLocker-protected removable drives can be recovered
Control use of BitLocker on removable drives
Configure use of passwords for removable data drives
Deny write access to removable drives not protected by BitLocker
Allow access to BitLocker-protected removable data drives from earlier versions of Windows
Configure use of smart cards on removable data drives
Enforce drive encryption type on removable data drives
Configure use of hardware-based encryption for removable data drives
Global Configuration Settings
Configure Windows NTP Client
Enable Windows NTP Client
Enable Windows NTP Server
Prohibit connection to non-domain networks when connected to domain authenticated network
Minimize the number of simultaneous connections to the Internet or a Windows Domain
Prohibit connection to roaming Mobile Broadband networks
Disable power management in connected standby mode
Diagnostics: Configure scenario retention
Diagnostics: Configure scenario execution level
Turn off Windows Calendar
Turn off Windows Calendar
Prevent the wizard from running.
Prevent the wizard from running.
Allow only system backup
Disallow locally attached storage as backup target
Disallow network as backup target
Disallow optical media as backup target
Disallow run-once backups
Prohibit installing or uninstalling color profiles
Prohibit installing or uninstalling color profiles
Prohibit access of the Windows Connect Now wizards
Prohibit access of the Windows Connect Now wizards
Configuration of wireless settings using Windows Connect Now
Allow antimalware service to startup with normal priority
Turn on spyware definitions
Turn on virus definitions
Configure local administrator merge behavior for lists
Turn on routine remediation
Define addresses to bypass proxy server
Define proxy server for connecting to the network
Randomize scheduled task times
Allow antimalware service to remain running always
Extension Exclusions
Path Exclusions
Process Exclusions
Turn on protocol recognition
Turn on definition retirement
Define the rate of detection events for logging
IP address range Exclusions
Port number Exclusions
Process Exclusions for outbound traffic
Threat ID Exclusions
Specify additional definition sets for network traffic inspection
Configure local setting override for the removal of items from Quarantine folder
Configure removal of items from Quarantine folder
Turn on behavior monitoring
Turn on Information Protection Control
Turn on network protection against exploits of known vulnerabilities
Scan all downloaded files and attachments
Monitor file and program activity on your computer
Turn on raw volume write notifications
Turn on real-time protection
Turn on process scanning whenever real-time protection is enabled
Define the maximum size of downloaded files and attachments to be scanned
Configure local setting override for turn on behavior monitoring
Configure local setting override for monitoring file and program activity on your computer
Configure local setting override to turn off Intrusion Prevention System
Configure local setting override for scanning all downloaded files and attachments
Configure local setting override to turn on real-time protection
Configure local setting override for monitoring for incoming and outgoing file activity
Configure monitoring for incoming and outgoing file and program activity
Configure local setting override for the time of day to run a scheduled full scan to complete remediation
Specify the day of the week to run a scheduled full scan to complete remediation
Specify the time of day to run a scheduled full scan to complete remediation
Configure time out for detections requiring additional action
Configure time out for detections in critically failed state
Configure Watson events
Configure time out for detections in non-critical failed state
Configure time out for detections in recently remediated state
Configure Windows software trace preprocessor components
Configure WPP tracing level
Allow users to pause scan
Specify the maximum depth to scan archive files
Specify the maximum size of archive files to be scanned
Specify the maximum percentage of CPU utilization during a scan
Check for the latest virus and spyware definitions before running a scheduled scan
Scan archive files
Turn on catch-up full scan
Turn on catch-up quick scan
Turn on e-mail scanning
Turn on heuristics
Scan packed executables
Scan removable drives
Turn on reparse point scanning
Create a system restore point
Run full scan on mapped network drives
Scan network files
Configure local setting override for maximum percentage of CPU utilization
Configure local setting override for the scan type to use for a scheduled scan
Configure local setting override for schedule scan day
Configure local setting override for scheduled quick scan time
Configure local setting override for scheduled scan time
Turn on removal of items from scan history folder
Specify the interval to run quick scans per day
Start the scheduled scan only when computer is on but not in use
Specify the scan type to use for a scheduled scan
Specify the day of the week to run a scheduled scan
Specify the time for a daily quick scan
Specify the time of day to run a scheduled scan
Define the number of days before spyware definitions are considered out of date
Define the number of days before virus definitions are considered out of date
Define file shares for downloading definition updates
Turn on scan after signature update
Allow definition updates when running on battery power
Initiate definition update on startup
Define the order of sources for downloading definition updates
Allow definition updates from Microsoft Update
Allow real-time definition updates based on reports to Microsoft MAPS
Specify the day of the week to check for definition updates
Specify the time to check for definition updates
Allow notifications to disable definitions based reports to Microsoft MAPS
Define the number of days after which a catch-up definition update is required
Specify the interval to check for definition updates
Check for the latest virus and spyware definitions on startup
Configure local setting override for reporting to Microsoft MAPS
Join Microsoft MAPS
Specify threats upon which default action should not be taken when detected
Specify threat alert levels at which default action should not be taken when detected
Display notifications to clients when they need to perform actions
Display additional text to clients when they need to perform an action
Hide the common dialog back button
Hide the dropdown list of recent files
Hide the common dialog places bar
Items displayed in Places Bar
Turn on Classic Shell
Display confirmation dialog when deleting files
Allow only per user or approved shell extensions
Do not track Shell shortcuts during roaming
Maximum number of recent documents
Turn off caching of thumbnail pictures
Remove CD Burning features
Remove UI to change menu animation setting
Remove UI to change keyboard navigation indicator setting
Remove DFS tab
Hide these specified drives in My Computer
No Entire Network in Network Locations
Remove File menu from File Explorer
Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon
Remove Hardware tab
Hides the Manage item on the File Explorer context menu
Remove Shared Documents from My Computer
Remove "Map Network Drive" and "Disconnect Network Drive"
Do not move deleted files to the Recycle Bin
Do not request alternate credentials
Remove Security tab
Remove Search button from File Explorer
Remove File Explorer's default context menu
Prevent access to drives from My Computer
Turn off Windows+X hotkeys
No Computers Near Me in Network Locations
Request credentials for network installations
Maximum allowed Recycle Bin size
Turn off shell protocol protected mode
Turn off shell protocol protected mode
Remove the Search the Internet "Search again" link
Pin Internet search sites to the "Search again" links and the Start menu
Pin Libraries or Search Connectors to the "Search again" links and the Start menu
Verify old and new Folder Redirection targets point to the same share before redirecting
Disable Known Folders
Turn off the display of snippets in Content view mode
Turn off Windows Libraries features that rely on indexed file data
Turn off display of recent search entries in the File Explorer search box
Disable binding directly to IPropertySetStorage without intermediate layers.
Disable binding directly to IPropertySetStorage without intermediate layers.
Turn off numerical sorting in File Explorer
Turn off numerical sorting in File Explorer
Allow OpenSearch queries in File Explorer
Allow previewing and custom thumbnails of OpenSearch query results in File Explorer
Location where all default Library definition files for users/machines reside.
Location where all default Library definition files for users/machines reside.
Configure Windows SmartScreen
Show lock in the user tile menu
Show sleep in the power options menu
Show hibernate in the power options menu
Do not show the 'new application installed' notification
Start File Explorer with ribbon minimized
Start File Explorer with ribbon minimized
Set a default associations configuration file
Allow the use of remote paths in file shortcut icons
Specify Windows File Protection cache location
Limit Windows File Protection cache size
Set Windows File Protection scanning
Hide the file scan progress window
Windows Firewall: Allow authenticated IPsec bypass
Windows Firewall: Define inbound program exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow inbound file and printer sharing exception
Windows Firewall: Allow ICMP exceptions
Windows Firewall: Allow logging
Windows Firewall: Prohibit notifications
Windows Firewall: Define inbound port exceptions
Windows Firewall: Allow local port exceptions
Windows Firewall: Allow inbound remote administration exception
Windows Firewall: Allow inbound Remote Desktop exceptions
Windows Firewall: Prohibit unicast response to multicast or broadcast requests
Windows Firewall: Allow inbound UPnP framework exceptions
Windows Firewall: Define inbound program exceptions
Windows Firewall: Allow local program exceptions
Windows Firewall: Protect all network connections
Windows Firewall: Do not allow exceptions
Windows Firewall: Allow inbound file and printer sharing exception
Windows Firewall: Allow ICMP exceptions
Windows Firewall: Allow logging
Windows Firewall: Prohibit notifications
Windows Firewall: Define inbound port exceptions
Windows Firewall: Allow local port exceptions
Windows Firewall: Allow inbound remote administration exception
Windows Firewall: Allow inbound Remote Desktop exceptions
Windows Firewall: Prohibit unicast response to multicast or broadcast requests
Windows Firewall: Allow inbound UPnP framework exceptions
Turn off Windows Mail application
Turn off Windows Mail application
Turn off the communities features
Turn off the communities features
Prevent Windows Media DRM Internet Access
Prevent Automatic Updates
Do Not Show First Use Dialog Boxes
Prevent Video Smoothing
Prevent CD and DVD Media Information Retrieval
Prevent Media Sharing
Prevent Music File Media Information Retrieval
Prevent Quick Launch Toolbar Shortcut Creation
Prevent Radio Station Preset Retrieval
Prevent Desktop Shortcut Creation
Allow Screen Saver
Prevent Codec Download
Do Not Show Anchor
Hide Privacy Tab
Hide Security Tab
Set and Lock Skin
Configure HTTP Proxy
Configure MMS Proxy
Configure RTSP Proxy
Hide Network Tab
Configure Network Buffering
Streaming Media Protocols
Do not automatically start Windows Messenger initially
Do not automatically start Windows Messenger initially
Do not allow Windows Messenger to be run
Do not allow Windows Messenger to be run
Allow Basic authentication
Allow unencrypted traffic
Disallow Digest authentication
Disallow Negotiate authentication
Disallow Kerberos authentication
Allow CredSSP authentication
Trusted Hosts
Allow remote server management through WinRM
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box
Remove access to use all Windows Update features
Configure Automatic Updates
Specify intranet Microsoft update service location
Automatic Updates detection frequency
Allow non-administrators to receive update notifications
Allow Automatic Updates immediate installation
Turn on recommended updates via Automatic Updates
Turn on Software Notifications
Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates
No auto-restart with logged on users for scheduled automatic updates installations
Always automatically restart at the scheduled time
Re-prompt for restart with scheduled installations
Delay Restart for scheduled installations
Reschedule Automatic Updates scheduled installations
Enable client-side targeting
Allow signed updates from an intranet Microsoft update service location
Turn off legacy remote shutdown interface
Timeout for hung logon sessions during shutdown
Require use of fast startup
Display information about previous logons during user logon
Remove logon hours expiration warnings
Set action to take when logon hours expire
Disable or enable software Secure Attention Sequence
Specify Work Folders settings
Turn off tile notifications
Turn off toast notifications
Turn off toast notifications on the lock screen
Turn off notifications network usage
Turn off Quiet Hours
Set the time Quiet Hours begins each day
Set the time Quiet Hours ends each day
Turn off calls during Quiet Hours
Set 3G Cost
Set 4G Cost
Scope New in 8.1 Policy Path Registry Information Supported On Help Text
Machine FALSE Windows Components\ActiveX Installer Service HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList
Machine FALSE Windows Components\ActiveX Installer Service HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!DefaultCategory Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromCDorFloppy Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromInternet Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromNetwork Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddPage Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddRemovePrograms Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoChooseProgramsPage Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoRemovePage Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoServices Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoSupportInfo Windows Server 2003
User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoWindowsSetupPage Windows Server 2003
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!VDMDisallowed At least Windows Server 2003 Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePropPage At least Windows Server 2003 This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!AITEnable At least Windows Server 2008 R2 or Windows 7 The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!SbEnable At least Windows Server 2008 R2 or Windows 7 The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableEngine At least Windows Server 2003 This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes
User FALSE Windows Components\Application Compatibility HKCU\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA At least Windows Vista This setting exists only for backward compatibility
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA At least Windows Vista This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableUAR At least Windows Server 2008 R2 or Windows 7 This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input
Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableInventory At least Windows Server 2008 R2 or Windows 7 This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications
Machine FALSE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowAllTrustedApps At least Windows Server 2012
Machine FALSE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDeploymentInSpecialProfiles At least Windows Server 2012
Machine TRUE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDevelopmentWithoutDevLicense At least Windows Server 2012
Machine FALSE Windows Components\App runtime HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation At least Windows Server 2012
User FALSE Windows Components\App runtime HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation At least Windows Server 2012
Machine FALSE Windows Components\App runtime HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation At least Windows Server 2012
User FALSE Windows Components\App runtime HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation At least Windows Server 2012
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus At least Windows XP Professional with SP2 This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers At least Windows XP Professional with SP2 This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation At least Windows XP Professional with SP2 This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties At least Windows XP Professional with SP2 This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk At least Windows XP Professional with SP2 This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types
User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone
Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun At least Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista
User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun At least Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista
Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox At least Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting
User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox At least Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting
Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun At least Windows 2000 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result
User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun At least Windows 2000 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result
Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume At least Windows Server 2008 R2 or Windows 7 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting
User FALSE Windows Components\AutoPlay Policies HKCU\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume At least Windows Server 2008 R2 or Windows 7 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting
Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics!Enabled At least Windows Server 2008 R2 or Windows 7 This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting
Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Enabled At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default
Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Domain Accounts At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default
Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!SwitchTimeoutInSeconds At least Windows Server 2008 R2 or Windows 7 This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!JobInactivityTimeout Windows XP or Windows Server 2003
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxDownloadTime At least Windows Vista This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!EnablePeercaching At least Windows Vista This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxContentAge At least Windows Vista This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxCacheSize At least Windows Vista This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingClient At least Windows Vista This policy setting specifies whether the computer will act as a BITS peer caching client. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingServer At least Windows Vista This policy setting specifies whether the computer will act as a BITS peer caching server. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthServed At least Windows Vista This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerMachine At least Windows Vista This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerUser At least Windows Vista This policy setting limits the number of BITS jobs that can be created by a user. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxFilesPerJob At least Windows Vista This policy setting limits the number of files that a BITS job can contain. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxRangesPerFile At least Windows Vista This policy setting limits the number of ranges that can be added to a file in a BITS job. By default
Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisableBranchCache Windows 7 or computers with BITS 3.5 installed. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer
Machine FALSE Windows Components\Windows Customer Experience Improvement Program HKLM\Software\Policies\Microsoft\SQMClient!CorporateSQMURL At least Windows Vista If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.
Machine FALSE Windows Components\Windows Customer Experience Improvement Program HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId
Machine FALSE Network\SSL Configuration Settings HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!Functions At least Windows Vista This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting
User FALSE System HKCU\Software\Policies\Microsoft\Windows\App Management!COMClassStore At least Windows 2000 This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\App Management!COMClassStore At least Windows 2000 This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoAppSharing at least Windows NetMeeting v3.0 Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoAllowControl at least Windows NetMeeting v3.0 Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharing at least Windows NetMeeting v3.0 Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDosWindows at least Windows NetMeeting v3.0 Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDesktop at least Windows NetMeeting v3.0 Prevents users from sharing the whole desktop. They will still be able to share individual applications.
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingExplorer at least Windows NetMeeting v3.0 Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications
User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoTrueColorSharing at least Windows NetMeeting v3.0 Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoAudio at least Windows NetMeeting v3.0 Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoChangeDirectSound at least Windows NetMeeting v3.0 Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoFullDuplex at least Windows NetMeeting v3.0 Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingVideo at least Windows NetMeeting v3.0 Prevents users from receiving video. Users will still be able to send video provided they have the hardware."
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoSendingVideo at least Windows NetMeeting v3.0 Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!MaximumBandwidth at least Windows NetMeeting v3.0 Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!PersistAutoAcceptCalls at least Windows NetMeeting v3.0 Make the automatic acceptance of incoming calls persistent.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoChat at least Windows NetMeeting v3.0 Disables the Chat feature of NetMeeting.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoNewWhiteBoard at least Windows NetMeeting v3.0 Disables the T.126 whiteboard feature of NetMeeting.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoOldWhiteBoard at least Windows NetMeeting v3.0 Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.
Machine FALSE Windows Components\NetMeeting HKLM\Software\Policies\Microsoft\Conferencing!NoRDS at least Windows NetMeeting v3.0 Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!Use AutoConfig
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoAddingDirectoryServers at least Windows NetMeeting v3.0 Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoAutoAcceptCalls at least Windows NetMeeting v3.0 Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoChangingCallMode at least Windows NetMeeting v3.0 Prevents users from changing the way calls are placed
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoDirectoryServices at least Windows NetMeeting v3.0 Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book."
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingFiles at least Windows NetMeeting v3.0 Prevents users from receiving files from others in a conference.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoSendingFiles at least Windows NetMeeting v3.0 Prevents users from sending files to others in a conference.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoWebDirectory at least Windows NetMeeting v3.0 Prevents users from viewing directories as Web pages in a browser.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!MaxFileSendSize at least Windows NetMeeting v3.0 Limits the size of files users can send to others in a conference.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!IntranetSupportURL at least Windows NetMeeting v3.0 Sets the URL NetMeeting will display when the user chooses the Help Online Support command.
User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!CallSecurity at least Windows NetMeeting v3.0 Sets the level of security for both outgoing and incoming NetMeeting calls.
User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoAdvancedCalling at least Windows NetMeeting v3.0 Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoAudioPage at least Windows NetMeeting v3.0 Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoGeneralPage at least Windows NetMeeting v3.0 Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.
User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoSecurityPage at least Windows NetMeeting v3.0 Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.
User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoVideoPage at least Windows NetMeeting v3.0 Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl
User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceClassicControlPanel At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the default Control Panel view
User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoControlPanel At least Windows 2000 Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe
User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl
User FALSE Control Panel\Display HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispCPL At least Windows 2000 Disables the Display Control Panel.If you enable this setting
User FALSE Control Panel\Display HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispSettingsPage Windows Server 2003
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispAppearancePage At least Windows 2000 Disables the Color (or Window Color) page in the Personalization Control Panel
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispScrSavPage At least Windows 2000 Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveActive At least Windows 2000 Service Pack 1 Enables desktop screen savers.If you disable this setting
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!SCRNSAVE.EXE At least Windows 2000 Service Pack 1 Specifies the screen saver for the user's desktop.If you enable this setting
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure At least Windows 2000 Service Pack 1 Determines whether screen savers used on the computer are password protected.If you enable this setting
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveTimeOut At least Windows 2000 Service Pack 1 Specifies how much user idle time must elapse before the screen saver is launched.When configured
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoChangingWallPaper At least Windows 2000 Prevents users from adding or changing the background design of the desktop.By default
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingSoundScheme At least Windows Server 2008 R2 or Windows 7 Prevents users from changing the sound scheme.By default
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingMousePointers At least Windows Server 2008 R2 or Windows 7 Prevents users from changing the mouse pointers.By default
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispBackgroundPage At least Windows 2000 Prevents users from changing the desktop icons.By default
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoColorChoice Windows Server 2008
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThemesTab At least Windows Server 2003 operating systems or Windows XP Professional This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting
User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!ThemeFile At least Windows Server 2008 R2 or Windows 7 Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoVisualStyleChoice At least Windows Server 2003 operating systems or Windows XP Professional Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!SetVisualStyle At least Windows Server 2003 operating systems or Windows XP Professional This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles)
User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoSizeChoice Windows Server 2003
Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreen At least Windows Server 2012
Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingLockScreen At least Windows Server 2012
Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenSlideshow At least Windows Server 2012 R2
Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenCamera At least Windows Server 2012 R2
Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background
Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!ForceStartBackground At least Windows Server 2012 R2
Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingStartMenuBackground At least Windows Server 2012
Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!LockScreenImage At least Windows Server 2012
Machine FALSE Control Panel\User Accounts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!UseDefaultTile At least Windows Vista This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DefaultLogonDomain At least Windows Vista This policy setting specifies a default logon domain
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ExcludedCredentialProviders At least Windows Vista This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainPINLogon At least Windows Server 2012
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!BlockDomainPicturePassword At least Windows Server 2012
Machine TRUE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainDelayLock At least Windows Server 2012
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials
Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials
Machine TRUE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!RestrictedRemoteAdministration At least Windows Server 2012 R2
Machine FALSE Windows Components\Credential User Interface HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnumerateAdministrators At least Windows Vista This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default
Machine FALSE Windows Components\Credential User Interface HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnableSecureCredentialPrompting At least Windows Vista This policy setting requires the user to enter Microsoft Windows credentials using a trusted path
Machine FALSE Windows Components\Credential User Interface HKLM\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal At least Windows Server 2012
User FALSE Windows Components\Credential User Interface HKCU\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal At least Windows Server 2012
User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableChangePassword At least Windows 2000 This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting
User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableLockWorkstation At least Windows 2000 This policy setting prevents users from locking the system.While locked
User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr At least Windows 2000 This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers
User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoLogoff At least Windows 2000 This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting
Machine FALSE System\Distributed COM\Application Compatibility Settings HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList At least Windows XP Professional with SP2 Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting
Machine FALSE System\Distributed COM\Application Compatibility Settings HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceActiveDesktopOn Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktop Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktopChanges Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoAddingComponents Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoClosingComponents Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoDeletingComponents Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoEditingComponents Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoComponents Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoHTMLWallPaper Windows Server 2003
User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper
User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!EnableFilter At least Windows 2000 Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting
User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!HideDirectoryFolder Windows 2000 only Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting
User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!QueryLimit At least Windows 2000 Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisablePersonalDirChange At least Windows 2000 Prevents users from changing the path to their profile folders.By default
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktop At least Windows 2000 Removes icons
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktopCleanupWizard Windows Server 2003 and Windows XP only Prevents users from using the Desktop Cleanup Wizard.If you enable this setting
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetIcon At least Windows 2000 Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{20D04FE0-3AEA-1069-A2D8-08002B30309D} At least Windows Server 2003 operating systems or Windows XP Professional This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{450D8FBA-AD25-11D0-98A8-0800361B1103} Windows Server 2003
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetHood At least Windows 2000 Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyComputer At least Windows 2000 Service Pack 3 This setting hides Properties on the context menu for Computer.If you enable this setting
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyDocuments Windows Server 2003
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsNetHood Windows Server 2003
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{645FF040-5081-101B-9F08-00AA002F954E} At least Windows Server 2003 operating systems or Windows XP Professional Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesRecycleBin At least Windows Server 2003 operating systems or Windows XP Professional Removes the Properties option from the Recycle Bin context menu.If you enable this setting
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSaveSettings At least Windows 2000 Prevents users from saving certain changes to the desktop.If you enable this setting
TRUE
User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMovingBands At least Windows 2000 Prevents users from adjusting the length of desktop toolbars. Also
User FALSE Desktop HKCU\Software\Policies\Microsoft\Windows\Explorer!NoWindowMinimizingShortcuts At least Windows Server 2008 R2 or Windows 7 Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy
Machine FALSE Windows Components\Device and Driver Compatibility HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDeviceFlags At least Windows Server 2012
Machine FALSE Windows Components\Device and Driver Compatibility HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDriverShims At least Windows Server 2012
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllSigningEqual At least Windows Vista This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!InstallTimeout At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSystemRestore At least Windows Vista This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC Windows Server 2008
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowAdminInstall At least Windows Vista This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyRemovableDevices At least Windows Vista This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyUnspecified At least Windows Vista This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!SimpleText At least Windows Vista This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!DetailText At least Windows Vista This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
Machine FALSE System\Driver Installation HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses
User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing!BehaviorOnFailedVerify Windows Server 2003
Machine FALSE System\Device Redirection\Device Redirection Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!AllowRedirect At least Windows Server 2008 R2 or Windows 7 This policy setting prevents redirection of USB devices.If you enable this setting
Machine FALSE System\Device Redirection\Device Redirection Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableBalloonTips At least Windows Vista This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendGenericDriverNotFoundToWER At least Windows Vista Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendRequestAdditionalSoftwareToWER At least Windows Server 2008 R2 or Windows 7 Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies
User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate Windows Server 2008
Machine FALSE System\Driver Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate Windows Server 2008
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting
Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverServerSelection At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting
Machine FALSE System\Device Installation HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting
Machine FALSE Network HKLM\Software\Policies\Microsoft\System\DFSClient!DfsDcNameDelay At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default
User FALSE Windows Components\Digital Locker HKCU\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker At least Windows Vista Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting
Machine FALSE Windows Components\Digital Locker HKLM\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker At least Windows Vista Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting
Machine FALSE System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!DfdAlertTextOverride Windows Server 2008 with Desktop Experience installed or Windows Vista This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled
Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!OptimizeBootAndResume At least Windows Vista This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting
Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnablePowerModeState At least Windows Vista This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting
Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableNvCache At least Windows Vista This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system
Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableSolidStateMode At least Windows Vista This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enable At least Windows 2000 This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enforce At least Windows 2000 This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Limit
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverLimit At least Windows 2000 This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverThreshold At least Windows 2000 This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting
Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!ApplyToRemovableMedia At least Windows 2000 This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DLT_AllowDomainMode Windows Server 2003
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AdapterDomainName Windows XP Professional only Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!NameServer Windows XP Professional only Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\System\DNSClient!NV PrimaryDnsSuffix At least Windows 2000 Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterAdapterName At least Windows Server 2003 operating systems or Windows XP Professional Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterReverseLookup At least Windows Server 2003 operating systems or Windows XP Professional Specifies if DNS client computers will register PTR resource records.By default
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationEnabled At least Windows Server 2003 operating systems or Windows XP Professional Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationOverwritesInConflict Windows XP Professional only Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationRefreshInterval At least Windows Server 2003 operating systems or Windows XP Professional Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationTtl At least Windows Server 2003 operating systems or Windows XP Professional Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!SearchList At least Windows Server 2003 operating systems or Windows XP Professional Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateSecurityLevel At least Windows Server 2003 operating systems or Windows XP Professional Specifies the security level for dynamic DNS updates.To use this policy setting
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateTopLevelDomainZones At least Windows Server 2003 operating systems or Windows XP Professional Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution At least Windows Server 2003 operating systems or Windows XP Professional Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartNameResolution At least Windows Server 2012
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartProtocolReordering At least Windows Server 2012
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!QueryNetBTFQDN At least Windows Server 2012
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!PreferLocalOverLowerBindingDNS At least Windows Server 2012
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableIdnEncoding At least Windows Server 2012
Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableIdnMapping At least Windows Server 2012
User FALSE Windows Components\Desktop Window Manager HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations At least Windows Vista This policy setting controls the appearance of window animations such as those found when restoring
Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations At least Windows Vista This policy setting controls the appearance of window animations such as those found when restoring
User FALSE Windows Components\Desktop Window Manager HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d Windows Server 2008
Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d Windows Server 2008
Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisableAccentGradient At least Windows Server 2012
User FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState
Machine FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState
User FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges At least Windows Vista This policy setting controls the ability to change the color of window frames. If you enable this policy setting
Machine FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges At least Windows Vista This policy setting controls the ability to change the color of window frames. If you enable this policy setting
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!misconvlogging At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!SaveAutoTuneDataToFile At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!UseHistorybasedPredictiveInput At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!OpenExtendedDict At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!SearchPlugin At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!UserDict At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!CodeAreaForConversion At least Windows Server 2012
User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!ShowOnlyPublishingStandardGlyph At least Windows Server 2012
Machine FALSE \Early Launch Antimalware HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy
User FALSE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!TurnOffBackstack At least Windows Server 2012
User FALSE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableMFUTracking At least Windows Server 2012
User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!AppSwitching At least Windows Server 2012 R2
User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!Charms At least Windows Server 2012 R2
User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!WinX At least Windows Server 2012 R2
Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoEncryptOnMove At least Windows 2000 This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!RootHubConnectedEnStorDevices At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!LockDeviceOnMachineLock At least Windows Server 2008 R2 or Windows 7 This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisallowLegacyDiskDevices At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisablePasswordAuthentication At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!TCGSecurityActivationDisabled At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy
Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled
Machine FALSE Windows Components\Windows Error Reporting HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL
Machine FALSE Windows Components\Windows Error Reporting HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled At least Windows Vista This policy setting turns off Windows Error Reporting
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled At least Windows Vista This policy setting turns off Windows Error Reporting
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontShowUI At least Windows Vista This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled At least Windows Vista This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled At least Windows Vista This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData At least Windows Vista This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData At least Windows Vista This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether Windows Error Reporting (WER) sends additional
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether Windows Error Reporting (WER) sends additional
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling At least Windows Server 2012
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling At least Windows Server 2012
User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling At least Windows Server 2012
Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling At least Windows Server 2012
User TRUE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products
Machine TRUE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList Windows Server 2003 and Windows XP only This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList Windows Server 2003 and Windows XP only This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeKernelFaults Windows Server 2003 and Windows XP only This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer
User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications At least Windows Vista This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications At least Windows Vista This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue
User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent At least Windows Vista This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent At least Windows Vista This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior At least Windows Vista This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior At least Windows Vista This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting
User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent At least Windows Vista This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting
Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent At least Windows Vista This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting
Machine FALSE HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager At least Windows Vista
Machine FALSE HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding!MaxForwardingRate At least Windows Vista
Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled
Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size
Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled
Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size
Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Enabled At least Windows Vista This policy setting turns on logging.If you enable or do not configure this policy setting
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled
Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size
Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting
Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting
Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram At least Windows XP Professional with SP2 This is the program that will be invoked when the user clicks the events.asp link.
Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters At least Windows XP Professional with SP2 This specifies the command line parameters that will be passed to the events.asp program
Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL At least Windows XP Professional with SP2 This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AlwaysShowClassicMenu At least Windows Vista This policy setting configures File Explorer to always display the menu bar.Note: By default
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreventItemCreationInUsersFilesFolder At least Windows Vista This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TurnOffSPIAnimations At least Windows Vista This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention At least Windows Server 2008 R2 or Windows 7 Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoHeapTerminationOnCorruption At least Windows Vista Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!AdminInfoUrl At least Windows Server 2008 R2 or Windows 7 Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
Machine FALSE Windows Components\Portable Operating System HKLM\Software\Policies\Microsoft\PortableOperatingSystem!Launcher At least Windows Server 2012
Machine FALSE Windows Components\Portable Operating System HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Hibernate At least Windows Server 2012
Machine FALSE Windows Components\Portable Operating System HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Sleep At least Windows Server 2012
Machine FALSE Windows Components\File History HKLM\Software\Policies\Microsoft\Windows\FileHistory!Disabled At least Windows Server 2012
Machine FALSE System\Troubleshooting and Diagnostics\Corrupted File Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled
Machine FALSE System\File Share Shadow Copy Agent HKLM\Software\Policies\Microsoft\Windows\fssAgent!MaximumShadowCopyAgeInHours At least Windows Server 2012
Machine FALSE System\File Share Shadow Copy Provider HKLM\Software\Policies\Microsoft\Windows\fssProv!EncryptProtocol At least Windows Server 2012
Machine FALSE System\Filesystem HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState
Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisableCompression Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisableEncryption Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files
Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsEncryptPagingFile Encrypting the page file prevents malicious users from reading data that has been paged to disk
Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisable8dot3NameCreation These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility
Machine FALSE System\Filesystem HKLM\System\CurrentControlSet\Policies!DisableDeleteNotification Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0
Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsEnableTxfDeprecatedFunctionality TXF deprecated features included savepoints
User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths At least Windows Vista This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs
User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\NetCache!DisableFRAdminPin At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control whether all redirected shell folders
User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder
Machine FALSE System\Folder Redirection HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths At least Windows Vista This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs
User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!FolderRedirectionEnableCacheRename At least Windows Server 2012
User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR At least Windows Server 2012
Machine FALSE System\Folder Redirection HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR At least Windows Server 2012
User FALSE Windows Components\File Explorer\Explorer Frame Pane HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPreviewPane At least Windows Vista This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane
User FALSE Windows Components\File Explorer\Explorer Frame Pane HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoReadingPane At least Windows Vista Hides the Preview Pane in File Explorer.If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Fault Tolerant Heap HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled
Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!DownloadGameInfo At least Windows Vista Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting
Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!ListRecentlyPlayed At least Windows Vista Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting
Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions At least Windows Vista Manages download of game update information from Windows Metadata Services.If you enable this setting
User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect At least Windows Vista This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect At least Windows Vista This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!BlockUserInputMethodsForSignIn At least Windows Server 2012
User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales
User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange At least Windows Vista This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange At least Windows Vista This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting
User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides At least Windows Vista This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides
Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides At least Windows Vista This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideAdminOptions At least Windows Vista This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideCurrentLocation At least Windows Vista This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideLanguageSelection At least Windows Vista This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideLocaleSelectAndCustomize At least Windows Vista This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting
Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\MUI\Settings!PreferredUILanguages At least Windows Vista This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\Desktop!PreferredUILanguages At least Windows Vista This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting
Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\MUI\Settings!MachineUILock At least Windows Vista This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\Desktop!MultiUILanguageID At least Windows 2000 This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffOfferTextPredictions At least Windows Vista This policy turns off the offer text predictions as I type option. This does not
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffInsertSpace At least Windows Vista This policy turns off the insert a space after selecting a text prediction option. This does not
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffAutocorrectMisspelledWords At least Windows Vista This policy turns off the autocorrect misspelled words option. This does not
User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffHighlightMisspelledWords At least Windows Vista This policy turns off the highlight misspelled words option. This does not
Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\Control Panel\International!BlockCleanupOfUnusedPreinstalledLangPacks At least Windows Server 2012
User FALSE System HKCU\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax!1 At least Windows 2000 This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly
User FALSE Control Panel\Regional and Language Options\Handwriting personalization HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection
Machine FALSE Control Panel\Regional and Language Options\Handwriting personalization HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!ProcessTSUserLogonAsync At least Windows Server 2008 This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default
Machine TRUE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization
Machine TRUE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!ResetDfsClientInfoDuringRefreshPolicy At least Windows Server 2012
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DisableAOACProcessing At least Windows Server 2012
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDefaultForDirectAccess At least Windows Server 2012
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!SlowlinkDefaultToAsync At least Windows Vista This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DisableLGPOProcessing At least Windows Vista This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue At least Windows Vista This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!AllowX-ForestPolicy-and-RUP At least Windows Server 2003 This policy setting allows user-based policy processing
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DisableAutoADMUpdate Windows Server 2003
Machine FALSE System\Group Policy HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableBkGndGroupPolicy At least Windows 2000 This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DenyUsersFromMachGP At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!ShowPoliciesOnly At least Windows 2000 This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DCOption At least Windows 2000 This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate At least Windows 2000 This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!GPODisplayName At least Windows 2000 This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured
User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!NewGPOLinksDisabled At least Windows 2000 This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy!OnlyUseLocalAdminFiles Windows Server 2003 and Windows XP only This policy setting lets you always use local ADM files for the Group Policy snap-in.By default
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!RSoPLogging At least Windows Server 2003 operating systems or Windows XP Professional This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!UserPolicyMode At least Windows 2000 This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!CorpConnStartTimeoutPolicyValue At least Windows Server 2012
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel
Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink
Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{6A712058-33C6-4046-BCF9-0EA3A8808EDC}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0DA274B5-EB93-47A7-AAFB-65BA532D3FE6}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{17C6249E-BA57-4F69-AE93-4FB3D25CD9D7}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{1612b55c-243c-48dd-a449-ffc097b19776}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{35141B6B-498A-4cc7-AD59-CEF93D89B2CE}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{5C935941-A954-4F7C-B507-885941ECE5C4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{79F92669-4224-476c-9C5C-6EFB4D87DF4A}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CF848D48-888D-4F45-B530-6A201E62A605}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{127537A8-C1ED-40BC-9AE5-C5891DF6B2D4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{45B01F1C-5AC2-458c-9457-42A81B34A26D}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!HelpQualifiedRootDir At least Internet Explorer 6 Service Pack 1 This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively
User FALSE System HKCU\Software\Policies\Microsoft\Windows\System!DisableInHelp At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DisableInHelp At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DisableHHDEP At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting
Machine FALSE Windows Components\Online Assistance HKLM\Software\Policies\Microsoft\Assistance\Client\1.0!NoActiveHelp At least Windows Vista This policy setting specifies whether active content links in trusted assistance content are rendered. By default
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoExplicitFeedback At least Windows Vista This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoImplicitFeedback At least Windows Vista This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoOnlineAssist At least Windows Vista This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting
Machine FALSE Network\Hotspot Authentication HKLM\Software\Policies\Microsoft\Windows\HotspotAuthentication!Enabled At least Windows Server 2012
User FALSE System\Internet Communication Management HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication
Machine FALSE System\Internet Communication Management HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting At least Windows XP Professional with SP2 This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload At least Windows XP Professional with SP2 This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate Windows Server 2008
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess At least Windows Server 2003 operating systems
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith Windows Server 2008
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith Windows Server 2008
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith At least Windows Server 2012
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith At least Windows Server 2012
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the tasks "Publish this file to the Web
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the tasks "Publish this file to the Web
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SQMClient\Windows!CEIPEnable At least Windows Vista This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!NoActiveProbe At least Windows Vista This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level
Machine FALSE Windows Components\Internet Information Services HKLM\Software\Policies\Microsoft\Windows NT\IIS!PreventIISInstall Windows Server 2003 only "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A}
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-00C04FD9152D} At least Internet Explorer 5.0 Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-00A0C959BC0A} At least Internet Explorer 5.0 This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-444553540000} At least Internet Explorer 5.0 Designates Shockwave flash as an administrator approved control.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93}
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67}
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} At least Internet Explorer 5.0 Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-00C04FD64497} At least Internet Explorer 5.0 Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-00A0C90DD90C} At least Internet Explorer 5.0 Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-00AA004A5FC5} At least Internet Explorer 5.0 Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-0080C744F389} At least Internet Explorer 5.0 Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy
User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-00C04F9A8CFA} At least Internet Explorer 5.0 Designates Microsoft Survey Control as an administrator approved control.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled At least Internet Explorer 10.0 on Windows 8 This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled At least Internet Explorer 10.0 on Windows 8 This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer preemptively loads websites and content in the background
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer preemptively loads websites and content in the background
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\DesktopSwipe!Enabled At least Internet Explorer 11.0 This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\DesktopSwipe!Enabled At least Internet Explorer 11.0 This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType At least Internet Explorer 7.0 This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType At least Internet Explorer 7.0 This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup At least Internet Explorer 8.0 This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup At least Internet Explorer 8.0 This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation At least Internet Explorer 10.0 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation At least Internet Explorer 10.0 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat At least Internet Explorer 10.0 This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat At least Internet Explorer 10.0 This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack At least Internet Explorer 10.0 This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack At least Internet Explorer 10.0 This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0 At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0 At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols At least Internet Explorer 8.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols At least Internet Explorer 8.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED At least Internet Explorer 7.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED At least Internet Explorer 7.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether software
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether software
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Content Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor At least Internet Explorer 10.0 This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Content Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor At least Internet Explorer 10.0 This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Append Completion At least Internet Explorer 7.0 This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Use AutoComplete Only Internet Explorer 4.0 This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKLM\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry At least Internet Explorer 9.0 This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry At least Internet Explorer 9.0 This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Disable Script Debugger At least Internet Explorer 7.0 This policy setting allows you to turn on your script debugger
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Friendly http errors At least Internet Explorer 7.0 This policy setting specifies whether
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Page_Transitions Only Internet Explorer 5.0 through Internet Explorer 8.0 This policy setting specifies if
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Error Dlg Displayed On Every Error At least Internet Explorer 7.0 This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!SmoothScroll At least Internet Explorer 7.0 This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Anchor Underline At least Internet Explorer 7.0 This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled At least Internet Explorer 11.0 This policy setting determines whether phone numbers are recognized and turned into hyperlinks
User TRUE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled At least Internet Explorer 11.0 This policy setting determines whether phone numbers are recognized and turned into hyperlinks
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingChannels Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelLogging Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelUI Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from adding
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingChannels Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoScheduledUpdates Only Internet Explorer 5.0 and Internet Explorer 6.0 Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing
User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSubscriptionContent Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing
Machine FALSE Windows Components\Internet Explorer\Corporate Settings\Code Download HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CodeBaseSearchPath At least Internet Explorer 7.0 This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab At least Internet Explorer 5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab At least Internet Explorer 5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab At least Internet Explorer 5.0 Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab At least Internet Explorer 5.0 Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab At least Internet Explorer 5.0 If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab At least Internet Explorer 5.0 If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab At least Internet Explorer 5.0 Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab At least Internet Explorer 5.0 Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab At least Internet Explorer 5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab At least Internet Explorer 5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab At least Internet Explorer 5.0 Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab At least Internet Explorer 5.0 Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab At least Internet Explorer 5.0 Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab At least Internet Explorer 5.0 Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors At least Internet Explorer 7.0 This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired"
User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors At least Internet Explorer 7.0 This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired"
User FALSE Windows Components\Internet Explorer\Internet Settings\URL Encoding HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!UrlEncoding At least Internet Explorer 7.0 This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8)
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Background Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Text Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use_DlgBox_Colors At least Internet Explorer 7.0 This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion!IEAKUpdateUrl At least Internet Explorer 7.0 This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings HKCU\Software\Policies\Microsoft\Internet Connection Wizard!DisableICW At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed
Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls
User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls
Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default
User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default
Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4 At least Internet Explorer 9.0 This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default
User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4 At least Internet Explorer 9.0 This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default
Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example
User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example
Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default
User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default
Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens
User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens
Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet
User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet
Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer allows scripts to programmatically open
User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer allows scripts to programmatically open
Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved)
User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA At least Internet Explorer 11.0 This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions
User TRUE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA At least Internet Explorer 11.0 This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover At least Internet Explorer 8.0 This policy setting turns off Automatic Crash Recovery.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover At least Internet Explorer 8.0 This policy setting turns off Automatic Crash Recovery.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders At least Internet Explorer 7.0 This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders At least Internet Explorer 7.0 This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus At least Internet Explorer 7.0 This policy setting allows you to turn on or turn off the earlier menus (for example
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus At least Internet Explorer 7.0 This policy setting allows you to turn on or turn off the earlier menus (for example
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableAutoProxyResultCache At least Internet Explorer 5.0 Prevents automatic proxy scripts
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExternalBranding At least Internet Explorer 5.0 Prevents branding of Internet programs
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Advanced At least Internet Explorer 5.0 Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version At least Internet Explorer 7.0 This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version At least Internet Explorer 7.0 This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DialupAutodetect At least Internet Explorer 5.0 Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings At least Internet Explorer 7.0 This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings At least Internet Explorer 7.0 This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled Only Internet Explorer 7.0 This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled Only Internet Explorer 7.0 This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8 Only Internet Explorer 8.0 This policy setting allows the user to enable the SmartScreen Filter
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel At least Internet Explorer 7.0 This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisplayScriptDownloadFailureUI At least Internet Explorer 5.0 Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe At least Internet Explorer 7.0 This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe At least Internet Explorer 7.0 This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites At least Internet Explorer 5.0 This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites At least Internet Explorer 5.0 This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation At least Internet Explorer 9.0 This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation At least Internet Explorer 9.0 This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE At least Internet Explorer 10.0 on Windows 8 This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE At least Internet Explorer 10.0 on Windows 8 This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled At least Internet Explorer 7.0 This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled At least Internet Explorer 7.0 This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked Down Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck At least Internet Explorer 9.0 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9
User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck At least Internet Explorer 9.0 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications At least Internet Explorer 9.0 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications At least Internet Explorer 9.0 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled At least Internet Explorer 9.0 This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled At least Internet Explorer 9.0 This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory At least Internet Explorer 7.0 This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory At least Internet Explorer 7.0 This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms At least Internet Explorer 7.0 This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms At least Internet Explorer 7.0 This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords At least Internet Explorer 7.0 This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords At least Internet Explorer 7.0 This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies At least Internet Explorer 8.0 This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies At least Internet Explorer 8.0 This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory At least Internet Explorer 8.0 This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory At least Internet Explorer 8.0 This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory At least Internet Explorer 9.0 This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory At least Internet Explorer 9.0 This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF At least Internet Explorer 8.0 This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF At least Internet Explorer 8.0 This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking Only Internet Explorer 8.0 This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking Only Internet Explorer 8.0 This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList At least Internet Explorer 8.0 This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList At least Internet Explorer 8.0 This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit At least Internet Explorer 8.0 This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit At least Internet Explorer 8.0 This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize At least Internet Explorer 7.0 This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize At least Internet Explorer 7.0 This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu At least Internet Explorer 7.0 This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu At least Internet Explorer 7.0 This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox Only Internet Explorer 7.0 and Internet Explorer 8.0 This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox Only Internet Explorer 7.0 and Internet Explorer 8.0 This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal At least Internet Explorer 8.0 This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal At least Internet Explorer 8.0 This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick Only Internet Explorer 8.0 This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick Only Internet Explorer 8.0 This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoJITSetup Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents Internet Explorer from automatically installing components.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth At least Internet Explorer 8.0 This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth At least Internet Explorer 8.0 This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload At least Internet Explorer 9.0 This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload At least Internet Explorer 9.0 This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow At least Internet Explorer 8.0 This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow At least Internet Explorer 8.0 This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Groups At least Internet Explorer 8.0 This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider At least Internet Explorer 7.0 This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider At least Internet Explorer 7.0 This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSplash Only Internet Explorer 5.0 Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow At least Internet Explorer 7.0 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow At least Internet Explorer 7.0 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoUpdateCheck Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse At least Internet Explorer 7.0 This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse At least Internet Explorer 7.0 This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments Only Internet Explorer 6.0 Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Accessibility At least Internet Explorer 5.0 If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig At least Internet Explorer 5.0 This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig At least Internet Explorer 5.0 This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Cache At least Internet Explorer 5.0 Prevents users from changing the browser cache settings
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!CalendarContact At least Internet Explorer 5.0. Not supported on Windows Vista Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Certificates At least Internet Explorer 5.0 Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Check_If_Default Only Internet Explorer 5.0 through Internet Explorer 9.0 Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Check_Associations At least Internet Explorer 10.0 This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Colors At least Internet Explorer 5.0 Prevents users from changing the default Web page colors.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings At least Internet Explorer 5.0 Prevents users from changing dial-up settings.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connwiz Admin Lock At least Internet Explorer 5.0 Prevents users from running the Internet Connection Wizard.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Fonts At least Internet Explorer 5.0 Prevents users from changing font settings.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages At least Internet Explorer 8.0 Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages At least Internet Explorer 8.0 Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Languages At least Internet Explorer 5.0 Prevents users from changing language preference settings.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!links At least Internet Explorer 5.0 Prevents users from changing the colors of links on Web pages.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Messaging At least Internet Explorer 5.0. Not supported on Windows Vista Prevents users from changing the default programs for messaging tasks.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList At least Internet Explorer 7.0 You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList At least Internet Explorer 7.0 You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Profiles Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from changing Profile Assistant settings.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy At least Internet Explorer 5.0 This policy setting specifies if a user can change proxy settings.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy At least Internet Explorer 5.0 This policy setting specifies if a user can change proxy settings.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Ratings At least Internet Explorer 5.0 Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ResetWebSettings Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from restoring default settings for home and search pages.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings Only Internet Explorer 5.0 through Internet Explorer 7.0 This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history
User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings Only Internet Explorer 5.0 through Internet Explorer 7.0 This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest At least Internet Explorer 5.0 This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest At least Internet Explorer 5.0 This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKLM\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes At least Internet Explorer 8.0 This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes At least Internet Explorer 8.0 This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKLM\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled At least Internet Explorer 10.0 This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled At least Internet Explorer 10.0 This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFindFiles Only Internet Explorer 5.0 and Internet Explorer 6.0 Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchCustomization Only Internet Explorer 5.0 and Internet Explorer 6.0 Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_HKLM_only At least Internet Explorer 5.0 Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_options_edit At least Internet Explorer 5.0 Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_zones_map_edit At least Internet Explorer 5.0 Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify Only Internet Explorer 5.0 and Internet Explorer 6.0 Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly At least Internet Explorer 7.0 This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly At least Internet Explorer 7.0 This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground At least Internet Explorer 7.0 This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground At least Internet Explorer 7.0 This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxySettingsPerUser At least Internet Explorer 5.0 Applies proxy settings to all users of the same computer.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving At least Internet Explorer 8.0 This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving At least Internet Explorer 8.0 This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect At least Internet Explorer 7.0 This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect At least Internet Explorer 7.0 This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet At least Internet Explorer 7.0 This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet At least Internet Explorer 7.0 This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
TRUE
TRUE
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Hover At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Visited At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users
User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Use Anchor Hover Color At least Internet Explorer 7.0 This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserClose At least Internet Explorer 5.0 Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserSaveAs At least Internet Explorer 5.0 Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete At least Internet Explorer 5.0 Prevents users from saving the complete contents that are displayed on or run from a Web page
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileNew At least Internet Explorer 5.0 Prevents users from opening a new browser window from the File menu.If this policy is enabled
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileOpen At least Internet Explorer 5.0 Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemSendFeedback At least Internet Explorer 5.0 Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemNetscapeHelp Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTipOfTheDay Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTutorial At least Internet Explorer 7.0 Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserContextMenu At least Internet Explorer 5.0 This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFavorites At least Internet Explorer 5.0 Prevents users from adding
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoOpeninNewWnd At least Internet Explorer 5.0 Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoSelectDownloadDir At least Internet Explorer 5.0 Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy
Machine FALSE Windows Components\Internet Explorer\Browser menus HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting At least Internet Explorer 5.0 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting At least Internet Explorer 5.0 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserOptions At least Internet Explorer 5.0 Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoTheaterMode At least Internet Explorer 5.0 Prevents users from displaying the browser in full-screen (kiosk) mode
User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoViewSource At least Internet Explorer 5.0 Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable AutoImageResize At least Internet Explorer 7.0 This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Images At least Internet Explorer 7.0 This policy setting specifies whether graphical images are included when pages are displayed.Sometimes
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec At least Internet Explorer 9.0 This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec At least Internet Explorer 9.0 This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Show image placeholders At least Internet Explorer 7.0 This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer!SmartDithering At least Internet Explorer 7.0 This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Print_Background At least Internet Explorer 7.0 This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus At least Internet Explorer 7.0 This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus At least Internet Explorer 7.0 This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload At least Internet Explorer 7.0 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload At least Internet Explorer 7.0 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove At least Internet Explorer 7.0 This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove At least Internet Explorer 7.0 This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled At least Internet Explorer 7.0 This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled At least Internet Explorer 7.0 This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane At least Internet Explorer 7.0 This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane At least Internet Explorer 7.0 This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting
Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear At least Internet Explorer 8.0 This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting
User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear At least Internet Explorer 8.0 This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!* At least Internet Explorer 7.0 This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete
User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!* At least Internet Explorer 7.0 This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete
Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved)
User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved)
Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt
User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch At least Internet Explorer 7.0 This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch At least Internet Explorer 7.0 This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult At least Internet Explorer 9.0 This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult At least Internet Explorer 9.0 This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP At least Internet Explorer 7.0 This policy setting allows the user to run natively implemented
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP At least Internet Explorer 7.0 This policy setting allows the user to run natively implemented
Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DEPOff At least Internet Explorer 8.0 This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008
Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal At least Internet Explorer 10.0 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button
User FALSE Windows Components\Internet Explorer\Security Features HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal At least Internet Explorer 10.0 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe At least Internet Explorer 10.0 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe At least Internet Explorer 10.0 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also
Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 10.0 This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 10.0 This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings HKCU\Software\Policies\Microsoft\IEAK!NoAutomaticSignup At least Internet Explorer 7.0 This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader At least Internet Explorer 7.0 This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader At least Internet Explorer 7.0 This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled At least Internet Explorer 8.0 This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled At least Internet Explorer 8.0 This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize At least Internet Explorer 5.0 Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize At least Internet Explorer 5.0 Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled At least Internet Explorer 8.0 This policy setting allows you to show or hide the Command bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled At least Internet Explorer 8.0 This policy setting allows you to show or hide the Command bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb At least Internet Explorer 8.0 This policy setting allows you to show or hide the status bar.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb At least Internet Explorer 8.0 This policy setting allows you to show or hide the status bar.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked At least Internet Explorer 8.0 This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked At least Internet Explorer 8.0 This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar At least Internet Explorer 8.0 This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar At least Internet Explorer 8.0 This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption At least Internet Explorer 8.0 This policy setting allows you to choose among three different labels for command buttons: show all text labels
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption At least Internet Explorer 8.0 This policy setting allows you to choose among three different labels for command buttons: show all text labels
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons At least Internet Explorer 8.0 This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons At least Internet Explorer 8.0 This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar At least Internet Explorer 9.0 This policy setting allows you to manage where tabs are displayed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar At least Internet Explorer 9.0 This policy setting allows you to manage where tabs are displayed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Interval At least Internet Explorer 7.0 This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Page At least Internet Explorer 7.0 This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt At least Internet Explorer 8.0 This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before
User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt At least Internet Explorer 8.0 This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled At least Internet Explorer 8.0 This policy setting controls the Suggested Sites feature
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled At least Internet Explorer 8.0 This policy setting controls the Suggested Sites feature
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing At least Internet Explorer 8.0 This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing At least Internet Explorer 8.0 This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars At least Internet Explorer 8.0 This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars At least Internet Explorer 8.0 This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging Only Internet Explorer 8.0 This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging Only Internet Explorer 8.0 This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold Only Internet Explorer 8.0 This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold Only Internet Explorer 8.0 This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking Only Internet Explorer 8.0 This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking Only Internet Explorer 8.0 This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold At least Internet Explorer 9.0 This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold At least Internet Explorer 9.0 This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection At least Internet Explorer 9.0 This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection At least Internet Explorer 9.0 This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall At least Internet Explorer 8.0 This policy setting allows you to add non-default Accelerators.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall At least Internet Explorer 8.0 This policy setting allows you to add non-default Accelerators.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall At least Internet Explorer 8.0 This policy setting allows you to add default Accelerators.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall At least Internet Explorer 8.0 This policy setting allows you to add default Accelerators.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities At least Internet Explorer 8.0 This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities At least Internet Explorer 8.0 This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly At least Internet Explorer 8.0 This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly At least Internet Explorer 8.0 This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing At least Internet Explorer 8.0 This policy setting controls the Compatibility View feature
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing At least Internet Explorer 8.0 This policy setting controls the Compatibility View feature
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode At least Internet Explorer 8.0 This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode At least Internet Explorer 8.0 This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList At least Internet Explorer 8.0 This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList At least Internet Explorer 8.0 This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList At least Internet Explorer 8.0 Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList At least Internet Explorer 8.0 Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode At least Internet Explorer 8.0 This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode At least Internet Explorer 8.0 This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode At least Internet Explorer 9.0 This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed
User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode At least Internet Explorer 9.0 This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases At least Internet Explorer 10.0 This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases At least Internet Explorer 10.0 This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches At least Internet Explorer 10.0 This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches At least Internet Explorer 10.0 This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays At least Internet Explorer 10.0 This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays At least Internet Explorer 10.0 This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota At least Internet Explorer 10.0 This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota At least Internet Explorer 10.0 This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB At least Internet Explorer 10.0 This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB At least Internet Explorer 10.0 This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page HKLM\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled At least Internet Explorer 10.0 This policy setting configures what Internet Explorer displays when a new browsing session is started. By default
User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page HKCU\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled At least Internet Explorer 10.0 This policy setting configures what Internet Explorer displays when a new browsing session is started. By default
Machine FALSE Windows Components\Internet Explorer\Internet Settings HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation At least Internet Explorer 10.0 on Windows 8 This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Settings HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation At least Internet Explorer 10.0 on Windows 8 This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Settings HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode At least Internet Explorer 10.0 on Windows 8 This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide
User FALSE Windows Components\Internet Explorer\Internet Settings HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode At least Internet Explorer 10.0 on Windows 8 This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide
Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAutoUpgrade At least Internet Explorer 10.0 This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports At least Windows Vista Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports At least Windows Vista Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy
Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureiSNSServers At least Windows Vista If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargetPortals At least Windows Vista If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargets At least Windows Vista If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!NewStaticTargets At least Windows Vista If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
Machine FALSE System\iSCSI\General iSCSI HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeIQNName At least Windows Vista If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
Machine FALSE System\iSCSI\General iSCSI HKLM\Software\Policies\Microsoft\Windows\iSCSI!RestrictAdditionalLogins At least Windows Vista If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeCHAPSecret At least Windows Vista If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.
Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireIPSec At least Windows Vista If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireMutualCHAP At least Windows Vista If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireOneWayCHAP At least Windows Vista If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.
Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EmitLILI At least Windows Vista This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting
Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch
TRUE
Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!KdcValidation At least Windows Vista This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!StrictTargetContext At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN)
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!NoRevocationCheck At least Windows Server 2012
Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!RequireFast At least Windows Server 2012
Machine FALSE System\Kerberos HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled
Machine FALSE System\Kerberos HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize
TRUE
Machine FALSE Network\Lanman Server HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashPublicationForPeerCaching At least Windows Server 2008 R2 or Windows 7 This policy setting specifies whether a hash generation service generates hashes
Machine FALSE Network\Lanman Server HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashSupportVersion At least Windows Server 2012
Machine FALSE System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled
Machine FALSE Network\Link-Layer Topology Discovery HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO
Machine FALSE Network\Link-Layer Topology Discovery HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr
Machine FALSE Windows Components\Location and Sensors\Windows Location Provider HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableWindowsLocationProvider At least Windows Server 2012
User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRun At least Windows 2000 This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRun At least Windows 2000 This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista
User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRunOnce At least Windows 2000 This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce At least Windows 2000 This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonType At least Windows Server 2003 operating systems or Windows XP Professional This policy setting forces the user to log on to the computer using the classic logon screen. By default
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen Windows 2000 only This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting
User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run At least Windows 2000 This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run At least Windows 2000 This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon!SyncForegroundPolicy At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether Group Policy processing is synchronous (that is
Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStatusMessages Windows Server 2003
User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen Windows 2000 only This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting
Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!VerboseStatus At least Windows 2000 This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideFastUserSwitching At least Windows Vista This policy setting allows you to hide the Switch User interface in the Logon UI
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStartupSound At least Windows Vista This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup
Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableFirstLogonAnimation At least Windows Server 2012
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!UseOEMBackground Windows Server 2008 R2 and Windows 7 This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!DontEnumerateConnectedUsers At least Windows Server 2012
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!EnumerateLocalUsers At least Windows Server 2012
Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!DisableLockScreenAppNotifications At least Windows Server 2012
User FALSE Windows Components\Windows Media Center HKCU\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter At least Windows Vista This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos
Machine FALSE Windows Components\Windows Media Center HKLM\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter At least Windows Vista This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos
User FALSE Windows Components\Microsoft Management Console HKCU\Software\Policies\Microsoft\MMC!RestrictAuthorMode At least Windows 2000 Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode
User FALSE Windows Components\Microsoft Management Console HKCU\Software\Policies\Microsoft\MMC!RestrictToPermittedSnapins At least Windows 2000 Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{1AA7F83C-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{1F5EEC01-1214-4D94-80C5-4BDCD2014DDD}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{3F276EB4-70EE-11D1-8A0F-00C04FB93753}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE450B-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{9EC88934-C774-11d1-87F4-00C04FC2C17B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4502-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{634BDE40-E5E1-49A1-B2CD-140FFFC830F9}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{2E19B602-48EB-11d2-83CA-00104BCA42CF}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90810502-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{6E8E0081-19CD-11D1-AD91-00AA00B8E05A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{6d8880af-e518-43a8-986c-1ad21c4c976e}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{34AB8E82-C27E-11D1-A6C0-00C04FB94F17}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{5880CD5C-8EC0-11d1-9570-0060B0576642}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{243E20B0-48ED-11D2-97DA-00A024D77700}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{DAB1A262-4FD7-11D1-842C-00C04FB6C218}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B1AFF7D0-0C49-11D1-BB12-00C04FC9A3A3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C69-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{03f1f940-a0f2-11d0-bb77-00aa00a1eab7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{7AF60DD3-4979-11D1-8A6C-00C04FC33566}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}!Restrict_Run Windows Server 2003
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3060E8CE-7020-11D2-842D-00C04FA372D4}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B6664F-4972-11D1-A7CA-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66650-4972-11D1-A7CA-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{942A8E4F-A261-11D1-A760-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{06993B16-A5C7-47EB-B61C-B1CB7EE600AC}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{2DA6AA7F-8C88-4194-A558-0D36E7FD3E64}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AE-EF3A-41C8-A911-37370C331DD4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AF-EF3A-41C8-A911-37370C331DD4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{c40d66a0-e90c-46c6-aa3b-473e38c72bf2}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{d524927d-6c08-46bf-86af-391534d779d3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66660-4972-11d1-A7CA-0000F87571E3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66661-4972-11d1-A7CA-0000F87571E3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{fe883157-cebd-4570-b7a2-e4fe06abe626}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{7E45546F-6D52-4D10-B702-9C2E67232E62}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{de751566-4cc6-11d1-8ca0-00c04fc297eb}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{A994E107-6854-4F3D-917C-E6F01670F6D3}!Restrict_Run At least Windows Server 2003 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{74246bfc-4c96-11d0-abef-0020af6b0b7a}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{43668E21-2636-11D1-A1CE-0080C88593A5}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{D2779945-405B-4ACE-8618-508F3E3054AC}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{FF5903A8-78D6-11D1-92F6-006097B01056}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{89cc9588-7628-4d29-8e4a-6550d0087059}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}!Restrict_Run Windows Server 2003 only This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA2-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{57C596D0-9370-40C0-BA0D-AB491B63255D}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{18BA7139-D98B-43c2-94DA-2604E34E175D}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{6630f2d7-bd52-4072-bfa7-863f3d0c5da0}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{3D5D035E-7721-4B83-A645-6C07A3D403B7}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{45ac8c63-23e2-11d1-a696-00c04fd58bc3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{23DC5869-BD9F-46fd-AADD-1F869BA64FC3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{9FE24B92-C23D-451c-8045-73038D99E620}!Restrict_Run At least Windows Server 2008 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{C11D2F3B-E2F4-4e5b-824B-84A87AB0F666}!Restrict_Run At least Windows Server 2008 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc35-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc37-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{dbfca500-8c31-11d0-aa2c-00a0c92749a3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{813C1B01-6624-4922-9C6C-03C315646584}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f9f63d92-6225-410b-bb02-26239b8f1f59}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{671ee405-c969-4af9-ad1b-65e96b3b9a10}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f78fbadd-c21a-4e0a-b53d-c879a9c8f002}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46c-1297-4474-9cdf-831ebb245f49}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46e-1297-4474-9cdf-831ebb245f49}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
User FALSE Windows Components\Windows Mobility Center HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter At least Windows Vista This policy setting turns off Windows Mobility Center.If you enable this policy setting
Machine FALSE Windows Components\Windows Mobility Center HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter At least Windows Vista This policy setting turns off Windows Mobility Center.If you enable this policy setting
User FALSE Windows Components\Presentation Settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings At least Windows Vista This policy setting turns off Windows presentation settings.If you enable this policy setting
Machine FALSE Windows Components\Presentation Settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings At least Windows Vista This policy setting turns off Windows presentation settings.If you enable this policy setting
Machine FALSE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Activation Boundary This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting
Machine TRUE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized
Machine FALSE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!WakeUp This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note
Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!DisableQueryRemoteServer At least Windows Server 2008 R2 or Windows 7 This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownBrowse At least Windows 2000 This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownMedia At least Windows 2000 This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownPatch At least Windows 2000 This policy setting allows users to patch elevated products.If you enable this policy setting
User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated At least Windows 2000 This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated At least Windows 2000 This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableAutomaticApplicationShutdown Windows Installer v4.0 This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableBrowse At least Windows 2000 This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableFlyweightPatching Windows Installer v3.0 This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLoggingFromPackage Windows Installer v4.0 This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting
User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!DisableMedia At least Windows 2000 This policy setting prevents users from installing any programs from removable media.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableMSI At least Windows 2000 This policy setting restricts the use of Windows Installer.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatch At least Windows 2000 This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting
User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!DisableRollback At least Windows 2000 This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableRollback At least Windows 2000 This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!EnableUserControl At least Windows 2000 This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLUAPatching Windows Installer v3.0 This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatchUninstall Windows Installer v3.0 This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!LimitSystemRestoreCheckpointing At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableUserInstalls Microsoft Windows XP or Windows 2000 with Windows Installer v2.0 This policy setting allows you to configure user installs. To configure this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!EnforceUpgradeComponentRules Windows Installer v3.0 This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!MaxPatchCacheSize Windows Installer v3.0 This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!Logging At least Windows 2000 Specifies the types of events that Windows Installer records in its transaction log for each installation. The log
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!SafeForScripting At least Windows 2000 This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting
User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!SearchOrder At least Windows 2000 This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!TransformsSecure At least Windows 2000 This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableSharedComponent This policy setting controls the ability to turn off shared components.If you enable this policy setting
Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!MsiDisableEmbeddedUI This policy setting controls the ability to prevent embedded UI.If you enable this policy setting
Machine FALSE Windows Components\Network Access Protection HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Qecs\79620!Enabled At least Windows XP Professional with SP2 This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!SupportEmail Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!FriendlyName Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!ShowUI Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!NamePreferenceAllowed Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!PassiveMode Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes!Probe Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs!DTE Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default
Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\CustomCommands!CustomCommand Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!WebProbeUrl At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the URL of the corporate website
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeHost At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeContent At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!SitePrefixes At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DomainLocationDeterminationUrl At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!DisablePassivePolling At least Windows Server 2012
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidPdcOnWan At least Windows Server 2003 operating systems or Windows XP Professional This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryInitialPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryMaximumPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryQuitTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundSuccessfulRefreshPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!dbFlag At least Windows Server 2003 This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ExpectedDialupDelay At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!MaximumLogFileSize At least Windows Server 2003 This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NegativeCachePeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveScriptsShareAccess At least Windows Server 2003 This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NonBackgroundSuccessfulRefreshPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ScavengeInterval At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteName At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveSysvolShareAccess At least Windows Server 2003 This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowSingleLabelDnsDomain At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default
TRUE
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AutoSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsAvoidRegisterRecords At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsRefreshInterval At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsTtl At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!GcSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvPriority At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvWeight At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NdncSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!UseDynamicDns At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!TryNextClosestSite At least Windows Vista This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ForceRediscoveryInterval At least Windows Vista This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressTypeReturned At least Windows Vista This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowNT4Crypto At least Windows Vista This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!IgnoreIncomingMailslotMessages At least Windows Vista This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidFallbackNetbiosDiscovery At least Windows Server 2012
Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressLookupOnPingBehavior At least Windows Server 2012
Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!PingUrgencyMode At least Windows Server 2012
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AddRemoveComponents Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AdvancedSettings Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowAdvancedTCPIPConfig Microsoft Windows Server 2003
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowNetBridge_NLA At least Windows Server 2003 operating systems or Windows XP Professional Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_ChangeBindState Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteAllUserConnection Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteConnection At least Windows 2000 Service Pack 1 Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DialupPrefs At least Windows 2000 Service Pack 1 Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_EnableAdminProhibits Windows Server 2003 and Windows XP only Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_IpStateChecking Microsoft Windows XP Professional with SP2 and Windows Server 2003 family only This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanChangeProperties Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanConnect Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanProperties At least Windows 2000 Service Pack 1 Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_NewConnectionWizard Microsoft Windows Server 2003
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_PersonalFirewallConfig Windows Server 2003 and Windows XP only Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasAllUserProperties At least Windows 2000 Service Pack 1 Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasChangeProperties Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasConnect At least Windows 2000 Service Pack 1 Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasMyProperties At least Windows 2000 Service Pack 1 Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameAllUserRasConnection Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameConnection Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameLanConnection Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameMyRasConnection At least Windows 2000 Service Pack 1 Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_ShowSharedAccessUI Microsoft Windows Server 2003
User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_Statistics Microsoft Windows Server 2003
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_StdDomainUserSetLocation At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_DoNotShowLocalOnlyIcon At least Windows Server 2008 R2 or Windows 7 Specifies whether or not the "local access only" network icon will be shown.When enabled
Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Force_Tunneling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess
Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainProxies At least Windows Server 2012
Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainLocalProxies At least Windows Server 2012
Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainSubnets At least Windows Server 2012
Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DProxiesAuthoritive At least Windows Server 2012
Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DSubnetsAuthoritive At least Windows Server 2012
User FALSE Windows Components\Network Projector HKCU\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector At least Windows Vista This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting
Machine FALSE Windows Components\Network Projector HKLM\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector At least Windows Vista This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting
Machine FALSE Windows Components\Network Projector HKLM\Software\Policies\Microsoft\NetworkProjector!NetworkProjectionPortNo At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!AlwaysPinSubFolders Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders At least Windows 2000 This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders At least Windows 2000 This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!DefCacheSize Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!Enabled At least Windows 2000 This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EncryptCache At least Windows Server 2003 operating systems Service Pack 1
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludeExtensions Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline At least Windows 2000 This policy setting prevents users from making network files and folders available offline.If you enable this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline At least Windows 2000 This policy setting prevents users from making network files and folders available offline.If you enable this policy setting
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoReminders Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoReminders Windows Server 2003
TRUE
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkSpeed Windows XP Professional only Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon Windows Server 2003
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend Windows Server 2003
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EconomicalAdminPinning At least Windows Vista This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!OnlineCachingLatencyThreshold At least Windows Server 2008 R2 or Windows 7 This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludedFileTypes At least Windows Server 2008 R2 or Windows 7 This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting
User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled At least Windows Server 2012
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled At least Windows Server 2012
Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncEnabledForCostedNetwork At least Windows Server 2012
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services HKLM\Software\policies\Microsoft\Peernet!Disabled At least Windows XP Professional with SP2 This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer At least Windows XP Professional with SP2 This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer At least Windows XP Professional with SP2 This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
Machine FALSE Network\Microsoft Peer-to-Peer Networking Services HKLM\Software\policies\Microsoft\Peernet!IgnoreDomainPasswordPolicyForNewGroups At least Windows Vista By default
Machine FALSE Windows Components\Family Safety HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ParentalControls!WPCEnableOnDomain At least Windows Vista This policy setting allows you to configure the Family Safety feature.If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePcaUI At least Windows Server 2012
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service!Enable At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication!SizePercent At least Windows 7 or Windows Server 2008 R2* This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection!Location At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching!Enable At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy
Machine FALSE Network\BranchCache HKLM\Software\Policies\Microsoft\Windows\NetCache!PeerCachingLatencyThreshold At least Windows Server 2008 R2 or Windows 7 This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Discovery!SCPDiscoveryEnabled At least Windows Server 2012
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service\Versioning!PreferredContentInformationVersion At least Windows Server 2012
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\MultipleServers At least Windows Server 2012
Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Retrieval!SegmentTTL At least Windows Server 2012
User FALSE Windows Components\Tablet PC\Tablet PC Pen Training HKCU\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining Windows Vista only Turns off Tablet PC Pen Training.If you enable this policy setting
Machine FALSE Windows Components\Tablet PC\Tablet PC Pen Training HKLM\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining Windows Vista only Turns off Tablet PC Pen Training.If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled
Machine FALSE System\Troubleshooting and Diagnostics\Windows Performance PerfTrack HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469!DCSettingIndex At least Windows Vista This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170a!DCSettingIndex At least Windows Vista This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258!DCSettingIndex At least Windows Vista This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!ACSettingIndex Windows Vista only This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!DCSettingIndex Windows Vista only This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting
Machine FALSE System\Power Management\Hard Disk Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!ACSettingIndex At least Windows Vista This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting
Machine FALSE System\Power Management\Hard Disk Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!DCSettingIndex At least Windows Vista This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting
Machine FALSE System\Power Management HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme At least Windows Vista This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg
Machine FALSE System\Power Management HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme At least Windows Vista This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan
User FALSE System\Power Management HKCU\Software\Policies\Microsoft\Windows\System\Power!PromptPasswordOnResume Windows Server 2003
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!ACSettingIndex At least Windows Vista This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!ACSettingIndex At least Windows Vista This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!ACSettingIndex At least Windows Vista This policy setting allows you to turn off hybrid sleep.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!DCSettingIndex At least Windows Vista This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!DCSettingIndex At least Windows Vista This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!DCSettingIndex At least Windows Vista This policy setting allows you to turn off hybrid sleep.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!ACSettingIndex At least Windows Vista This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!DCSettingIndex At least Windows Vista This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!ACSettingIndex At least Windows Vista This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!DCSettingIndex At least Windows Vista This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT!DontPowerOffAfterShutdown At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting
Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting
Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting
Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting
Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts
User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts
Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging
User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging
Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath
User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage Supported Windows Vista through Windows 7 This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage Supported Windows Vista through Windows 7 This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage At least Windows Vista This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage At least Windows Vista This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore At least Windows Vista This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore At least Windows Vista This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting
User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries Supported Windows Vista through Windows 7 This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting
Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries Supported Windows Vista through Windows 7 This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPrinting Windows 2000 only Internet printing lets you display printers on Web pages so that printers can be viewed
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ApplicationDriverIsolation At least Windows Server 2012
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!SupportLink Windows Server 2003
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Downlevel Browse At least Windows 2000 Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceCSREMFDespooling At least Windows Vista When printing through a print server
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceSoftwareRasterization At least Windows Server 2012
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Printers Page URL Windows Server 2003
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!KMPrintersAreBlocked Windows Server 2003
User FALSE Control Panel\Printers HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAddPrinter At least Windows 2000 Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled
User FALSE Control Panel\Printers HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDeletePrinter At least Windows 2000 If this policy setting is enabled
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly Windows Server 2008 and Windows Vista This policy restricts clients computers to use package point and print only.If this setting is enabled
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly At least Windows Vista This policy restricts clients computers to use package point and print only.If this setting is enabled
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocation At least Windows 2000 If this policy setting is enabled
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocationSupport At least Windows 2000 Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted
User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Default Search Scope At least Windows 2000 Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ServerThread At least Windows 2000 Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationExecutionPolicy At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes)
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationOverrideCompat At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!V4DriverDisallowPrinterExtension At least Windows Server 2012
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!MXDWUseLegacyOutputFormatMSXPS At least Windows Server 2012
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!RegisterSpoolerRemoteRpcEndPoint At least Windows Server 2003 This policy controls whether the print spooler will accept client connections.When the policy is unconfigured
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Auto Publishing Windows Server 2003
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruneDownlevel At least Windows 2000 Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningInterval At least Windows 2000 Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningPriority At least Windows 2000 Sets the priority of the pruning thread. The pruning thread
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetries At least Windows 2000 Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetryLog At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PublishPrinters At least Windows 2000 Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!VerifyPublishedState At least Windows 2000 Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default
Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!Immortal At least Windows 2000 Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsCPL At least Windows Vista This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsAndFeatures At least Windows Vista This setting prevents users from accessing "Programs and Features" to view
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoInstalledUpdates At least Windows Vista This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoDefaultPrograms At least Windows Vista This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsMarketplace Windows Vista only This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoGetPrograms At least Windows Vista Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View
User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsFeatures At least Windows Vista This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View
Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!LoggingLevel At least Windows Server 2008 This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting
Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state
Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!SNISPasswordSyncEnable At least Windows Server 2008 This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting
Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state
Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!MaxOutstandingSends At least Windows Server 2003 operating systems or Windows XP Professional Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit
Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!NonBestEffortLimit At least Windows Server 2003 operating systems or Windows XP Professional Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default
Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!TimerResolution At least Windows Server 2003 operating systems or Windows XP Professional Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNonConforming At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Machine FALSE Windows Components\Windows Reliability Analysis HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI!WMIEnable At least Windows Server 2008 R2 or Windows 7 This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel
Machine FALSE System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled
Machine FALSE System\Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE!DisableSetup Windows Server 2008 R2 and Windows 7 Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled
Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeShutdownErrs Windows Server 2003 only This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!SnapShot Windows Server 2003 only This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!LoggingEnabled At least Windows Vista This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!CreateEncryptedOnlyTickets At least Windows Vista This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp
Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Floppy Drives removable storage class
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Floppy Drives removable storage class
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Floppy Drives removable storage class
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Floppy Drives removable storage class
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the Floppy Drives removable storage class
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to removable disks.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to removable disks.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to removable disks.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to removable disks.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to removable disks.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All At least Windows Vista Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All At least Windows Vista Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read
User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write
Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!AllowRemoteDASD At least Windows Vista This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting
Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution At least Windows XP Professional with SP2 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting
Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation
Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!MinimumConnectionTimeout At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases
Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients At least Windows XP Professional with SP2 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting
Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!StateInformation At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the RPC Runtime maintains RPC state information for the system
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!MaxGPOScriptWait At least Windows 2000 This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon
User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLegacyLogonScripts At least Windows 2000 This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default
User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogoffScripts At least Windows 2000 This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default
User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync At least Windows 2000 This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync At least Windows 2000 This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting
User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogonScripts At least Windows 2000 This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default
TRUE
TRUE
TRUE
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideShutdownScripts At least Windows 2000 This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunStartupScriptSync At least Windows 2000 This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideStartupScripts At least Windows 2000 This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default
Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!Allow-LogonScript-NetbiosDisabled At least Windows Vista This policy setting allows user logon scripts to run when the logon cross-forest
Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!ValidateTrust At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!EnableDiagnostics At least Windows Server 2008 R2 or Windows 7 This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting
Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!EnableQueryRemoteServer At least Windows Server 2008 R2 or Windows 7 This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states
Machine FALSE System\Troubleshooting and Diagnostics\Scheduled Maintenance HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableBackoff Any version of Microsoft Windows with Windows Search 4.0 or later If enabled
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventRemoteQueries Any version of Microsoft Windows with Windows Search 4.0 or later If enabled
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexOnBattery Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations Microsoft Windows XP
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations Any version of Microsoft Windows with Windows Search 4.0 or later If enabled
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowUsingDiacritics Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AlwaysUseAutoLangDetection Microsoft Windows 8 or later This policy setting determines when Windows uses automatic language detection results
Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableRemovableDriveIndexing Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting disables indexing of removable drives.
Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWeb Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting allows you to control whether or not Search can perform queries on the web
Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWebOverMeteredConnections Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting allows you to control whether or not Search can perform queries on the web over metered connections
Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy
Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AutoIndexSharedFolders Any version of Microsoft Windows with Windows Search 4.0 This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!FavoriteLocations Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventUsingAdvancedIndexingOptions Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOfflineFiles Microsoft Windows Vista or later If enabled
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingUncachedExchangeFolders Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableIndexingDelegateMailboxes Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOutlook Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingEmailAttachments Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!RichAttachmentPreviews Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingPublicFolders Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DataDirectory Microsoft Windows Vista
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PrimaryIntranetSearchScopeUrl Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SecondaryIntranetSearchScopeUrl Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreviewPaneLocation Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SearchResultIconSize Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingLowDiskSpaceMB Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventUnwantedAddins Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableWebSearch Microsoft Windows XP
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths Microsoft Windows XP
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths Any version of Microsoft Windows with Windows Search 4.0 or later If you enable this policy setting
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths Microsoft Windows XP
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths Microsoft Windows XP
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis
Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0
User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer!DisableSearchHistory Microsoft Windows 8 or later This policy setting prevents search queries from being stored in the registry. If you enable this policy setting
Machine FALSE \OCR HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs
Machine FALSE \OCR HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!OCREveryPage Microsoft Windows 7 or later This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document
Machine FALSE Windows Components\Security Center HKLM\Software\Policies\Microsoft\Windows NT\Security Center!SecurityCenterInDomain At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on
User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the sensor feature for this computer. If you enable this policy setting
Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the sensor feature for this computer. If you enable this policy setting
User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the location feature for this computer. If you enable this policy setting
Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the location feature for this computer. If you enable this policy setting
User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting At least Windows Server 2008 R2 or Windows 7 This policy setting turns off scripting for the location feature. If you enable this policy setting
Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting At least Windows Server 2008 R2 or Windows 7 This policy setting turns off scripting for the location feature. If you enable this policy setting
Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!DoNotOpenAtLogon At least Windows Server 2008 This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting
Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled
Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks!DoNotOpenAtLogon Windows Server 2008 and Windows Server 2008 R2 operating systems only This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYS!DisableShowAtLogon At least Windows Server 2003 This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting
Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync
Machine TRUE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync
Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSyncOnPaidNetwork At least Windows Server 2012
Machine TRUE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Setup!ServicePackSourcePath At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting
Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Setup!SourcePath At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate location for Windows installation files.If you enable this policy setting
Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing At least Windows Server 2008 R2 or Windows 7 Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy
User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing At least Windows Server 2008 R2 or Windows 7 Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy
User FALSE Shared Folders HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishDfsRoots At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
User FALSE Shared Folders HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishSharedFolders At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
User FALSE Windows Components\Network Sharing HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInplaceSharing At least Windows Vista This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting
Machine FALSE Windows Components\HomeGroup HKLM\Software\Policies\Microsoft\Windows\HomeGroup!DisableHomeGroup At least Windows Server 2008 R2 or Windows 7 This policy setting specifies whether users can add computers to a homegroup. By default
User FALSE System HKCU\Software\Policies\Microsoft\Windows\System!DisableCMD At least Windows 2000 This policy setting prevents users from running the interactive command prompt
User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools At least Windows 2000 Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe
User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun
User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictWelcomeCenter Windows Vista only This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting
User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar Windows Server 2008
Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar Windows Server 2008
User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets Windows Server 2008
Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets Windows Server 2008
User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets Windows Server 2008
Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets Windows Server 2008
Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableFileSync At least Windows Server 2012 R2
Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableMeteredNetworkFileSync At least Windows Server 2012 R2
Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableLibrariesDefaultSaveToSkyDrive At least Windows Server 2012 R2
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowCertificatesWithNoEKU At least Windows Vista This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowIntegratedUnblock At least Windows Vista This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!FilterDuplicateCerts At least Windows Vista This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ForceReadingAllCertificates At least Windows Vista This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowSignatureOnlyKeys At least Windows Vista This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowTimeInvalidCertificates At least Windows Vista This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!CertPropEnabled At least Windows Vista This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!RootCertificateCleanupOption At least Windows Vista This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off.
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!EnableRootCertificatePropagation At least Windows Vista This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!IntegratedUnblockPromptString At least Windows Vista This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ReverseSubject At least Windows Vista This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!DisallowPlaintextPin At least Windows Vista Service Pack 1 This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!X509HintsNeeded At least Windows Vista This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!EnableScPnP At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!ScPnPNotification At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting
Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!EnumerateECCCerts At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting
Machine FALSE Windows Components\Server for NIS HKLM\Software\Policies\Microsoft\Windows\Server for NIS!LoggingLevel At least Windows Server 2008 This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting
Machine FALSE Windows Components\Server for NIS HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state
Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\ValidCommunities At least Windows Server 2003 operating systems or Windows XP Professional This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network
Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\PermittedManagers At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting
Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\TrapConfiguration\public At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting
User FALSE Windows Components\Sound Recorder HKCU\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec At least Windows Vista Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting
Machine FALSE Windows Components\Sound Recorder HKLM\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec At least Windows Vista Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting
Machine FALSE System\File Classification Infrastructure HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!EnableManualUX At least Windows Server 2012
Machine FALSE System\File Classification Infrastructure HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!CentralClassificationList At least Windows Server 2012
Machine FALSE System\Access-Denied Assistance HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled
Machine FALSE System\Access-Denied Assistance HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!EnableShellExecuteFileStreamCheck At least Windows Server 2012
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentProgForNewUserInStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyGames Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchComputerLinkInStartMenu Windows Vista only If you enable this policy
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchEverywhereLinkInStartMenu At least Windows Server 2008 R2 or Windows 7 If you enable this policy
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!AddSearchInternetLinkInStartMenu Windows Server 2008 R2 and Windows 7 If you enable this policy
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchFilesInStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchInternetInStartMenu Windows Server 2008 and Windows Vista If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchProgramsInStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchCommInStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserFolderInStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceRunOnStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!QuickLaunchEnabled Windows Vista only This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentDocsOnExit At least Windows 2000 Clear history of recently opened documents on exit.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceStartMenuLogOff Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!GreyMSIAds Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Intellimenus Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LockTaskbar At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MemCheckBoxInRunDlg At least Windows 2000 Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoTrayNotify At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the notification area
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMBalloonTip Windows Server 2003 and Windows XP only Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeStartMenu At least Windows 2000 This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!ClearTilesOnExit At least Windows Server 2012
Machine TRUE Start Menu and Taskbar HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled
Machine TRUE Start Menu and Taskbar HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout
TRUE
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCommonGroups At least Windows 2000 Removes items in the All Users profile from the Programs menu on the Start menu.By default
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFavoritesMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFind Windows Server 2003 and Windows XP only This policy setting allows you to remove the Search link from the Start menu
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMFUprogramsList Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMHelp Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInstrumentation Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMorePrograms At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetworkConnections Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuPinnedList Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory At least Windows 2000 Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveSearch At least Windows 2000 This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveTrack At least Windows 2000 This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRun At least Windows 2000 Allows you to remove the Run command from the Start menu
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetFolders At least Windows 2000 This policy setting allows you to remove programs on Settings menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetTaskbar At least Windows 2000 This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMConfigurePrograms Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyDocs Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyMusic Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuNetworkPlaces Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyPictures Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuSubFolders Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSimpleStartMenu Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideClock At least Windows Server 2003 operating systems or Windows XP Professional Prevents the clock in the system notification area from being displayed.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTaskGrouping At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarsOnTaskbar At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar.The taskbar includes the Start button
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayContextMenu At least Windows 2000 This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayItemsDisplay At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserNameInStartMenu Windows Server 2003 and Windows XP only This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWindowsUpdate At least Windows 2000 This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuEjectPC At least Windows Server 2003 operating systems or Windows XP Professional If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!StartMenuLogOff At least Windows 2000 This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuHomegroup Windows Server 2008 R2 and Windows 7 If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuDownloads Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuRecordedTV Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuVideos Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUninstallFromStart At least Windows Server 2012
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!PowerButtonAction Windows Server 2008 R2 and Windows 7 Set the default action of the power button on the Start menu.If you enable this setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowRunAsDifferentUserInStart At least Windows Server 2012
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultSignIn At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultApp At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultSearch At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!SortView At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!Multimon At least Windows Server 2012 R2
Machine FALSE System\System Restore HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableConfig At least Windows Server 2008 R2 or Windows 7 Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users
Machine FALSE System\System Restore HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableSR At least Windows Server 2008 R2 or Windows 7 Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users
User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisableACIntegration Windows Server 2008
Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisableACIntegration Windows Server 2008
User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget Windows Server 2008
Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget Windows Server 2008
TRUE
TRUE
TRUE
TRUE
User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState
Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState
TRUE
TRUE
User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOutState
User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisablePrediction At least Windows Server 2008 R2 or Windows 7 Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text
Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisablePrediction At least Windows Server 2008 R2 or Windows 7 Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text
User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball Windows Vista only Prevents start of InkBall game.If you enable this policy
Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball Windows Vista only Prevents start of InkBall game.If you enable this policy
User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal At least Windows Vista Prevents start of Windows Journal.If you enable this policy
Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal At least Windows Vista Prevents start of Windows Journal.If you enable this policy
User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting At least Windows Vista Prevents printing to Journal Note Writer.If you enable this policy
Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting At least Windows Vista Prevents printing to Journal Note Writer.If you enable this policy
User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool At least Windows Vista Prevents the snipping tool from running.If you enable this policy setting
Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool At least Windows Vista Prevents the snipping tool from running.If you enable this policy setting
User FALSE Windows Components\Tablet PC\Cursors HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback Windows Server 2008
Machine FALSE Windows Components\Tablet PC\Cursors HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback Windows Server 2008
User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping At least Windows Vista Removes the Back->ESC mapping that normally occurs when menus are visible
Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping At least Windows Vista Removes the Back->ESC mapping that normally occurs when menus are visible
User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch At least Windows Vista Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy
Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch At least Windows Vista Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy
User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold At least Windows Vista Prevents press and hold actions on hardware buttons
Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold At least Windows Vista Prevents press and hold actions on hardware buttons
User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons At least Windows Vista Turns off Tablet PC hardware buttons.If you enable this policy
Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons At least Windows Vista Turns off Tablet PC hardware buttons.If you enable this policy
User FALSE Windows Components\Tablet PC\Pen Flicks Learning HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode Windows Server 2008
Machine FALSE Windows Components\Tablet PC\Pen Flicks Learning HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode Windows Server 2008
User FALSE Windows Components\Tablet PC\Pen UX Behaviors HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks Windows Server 2008
Machine FALSE Windows Components\Tablet PC\Pen UX Behaviors HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks Windows Server 2008
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAPower At least Windows Vista This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCANetwork At least Windows Vista This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAVolume At least Windows Vista This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAHealth At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarLockAll At least Windows Vista This policy setting allows you to lock all taskbar settings.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoAddRemoveToolbar At least Windows Vista This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoDragToolbar At least Windows Vista This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoNotification At least Windows Vista This policy setting allows you to turn off all notification balloons.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoRedock At least Windows Vista This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoResize At least Windows Vista This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoThumbnail Windows Vista only This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoPinnedList At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSystraySystemPromotion At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoBalloonFeatureAdvertisements At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoRemoteDestinations At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToTaskbar At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToDestinations At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting
User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoMultimon At least Windows Server 2012
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation Windows Server 2003
User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion Windows Server 2003
Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion Windows Server 2003
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_RouterName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure 6to4
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterNameResolutionInterval At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure Teredo
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ServerName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_RefreshRate At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ClientPort At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_DefaultQualified At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to set Teredo to be ready to communicate
Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState
Machine FALSE Network\TCPIP Settings\Parameters HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableWsd At least Windows Vista Service Pack 1 This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting
Machine FALSE Network\TCPIP Settings\Parameters HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableIPAutoConfigurationLimits At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection At least Windows Server 2008 This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip At least Windows Server 2008 This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper At least Windows Server 2008 This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode At least Windows Server 2008 This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowUnlistedRemotePrograms At least Windows Server 2008 This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowDesktopCompositionOnServer Windows Server 2008 R2 only This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ParticipateInLoadBalancing At least Windows Server 2008 This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter At least Windows Server 2008 This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter At least Windows Server 2008 This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit At least Windows Server 2008 This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit At least Windows Server 2008 This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoFontSmoothing At least Windows Server 2008 R2 This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!VIPAdapter At least Windows Server 2008 R2 This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!PromptOnIPLeaseFail At least Windows Server 2008 R2 This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows\Session Manager\Quota System!EnableCpuQuota At least Windows Server 2008 R2 Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI!Enable At least Windows Server 2008 R2 This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!bEnumerateHWBeforeSW At least Windows Server 2012 R2 with RDSH role installed This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality Windows 7 with Service Pack 1 This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile Windows 7 with Service Pack 1 This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default
User TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowUAC Windows Server 2008 R2
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect Windows 7 with Service Pack 1 This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport Windows 7 with Service Pack 1 This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\RD Gateway HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy
User FALSE Windows Components\Remote Desktop Services\RD Gateway HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAutoReconnect At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ColorDepth Windows Server 2008
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxMonitors At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableForcibleLogoff At least Windows XP and Windows Server 2003 only This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicenseServers At least Windows Server 2003 with Service Pack 1 This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableTerminalServerTooltip At least Windows Server 2003 with Service Pack 1 This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicensingMode At least Windows Server 2003 with Service Pack 1 This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxInstanceCount At least Windows Server 2003 Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDisconnect At least Windows 2000 Terminal Services This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNTSecurity At least Windows 2000 Terminal Services Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent!LogonWaitForPackageRegistration At least Windows 8 Enterprise or Windows Server 2012 R2 This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow Windows Server 2008 R2
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow Windows Server 2008 R2
Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowUAC Windows Server 2008 R2
Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowTimeout Windows Server 2008 R2
Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableRemoteFXAdvancedRemoteApp At least Windows Server 2012 R2 or Windows 8.1 Preview This policy setting allows you to enable RemoteApp programs to use advanced graphics
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fSingleSessionPerUser At least Windows Server 2003 This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fWritableTSCCPermTab At least Windows Server 2003 This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode At least Windows Server 2003 with Service Pack 1 This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFProfilePath At least Windows Server 2003 This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFDontAppendUserNameToProfile At least Windows Server 2003 with Service Pack 2 This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile
Machine FALSE Windows Components\Remote Desktop Services\RD Licensing HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fSecureLicensing At least Windows Server 2003 This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default
Machine FALSE Windows Components\Remote Desktop Services\RD Licensing HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fPreventLicenseUpgrade At least Windows Server 2003 This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCam At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowedAudioQualityMode At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAudioCapture At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCcm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fForceClientLptDef At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst At least Windows Server 2008 or Windows 7 This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst At least Windows Server 2008 or Windows 7 This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableLPT At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisablePNPRedir At least Windows Vista This policy setting allows you to control the redirection of supported Plug and Play devices
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCpm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableSmartCard At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection At least Windows Server 2003 This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEncryptRPCTraffic At least Windows Server 2003 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryActive At least Windows Server 2003
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryClusterName At least Windows Server 2003
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryExposeServerIP At least Windows Server 2003
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryLocation At least Windows Server 2003
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken At least Windows Server 2003 operating systems or Windows XP Professional This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken At least Windows Server 2003 operating systems or Windows XP Professional This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit At least Windows Server 2003 This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir At least Windows Server 2003 This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints At least Windows Vista with Service Pack 1 This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting
User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints At least Windows Vista with Service Pack 1 This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PromptForCredsOnClient At least Windows Vista with Service Pack 1 This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AuthenticationLevel At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality At least Windows Server 2012
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile At least Windows Server 2012
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxCompressionLevel At least Windows Vista with Service Pack 1 This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default
Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fServerEnableRDP8 Windows 7 with Service Pack 1 This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!VisualExperiencePolicy Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fUsbRedirectionEnableMode At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service Pack 1 This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics At least Windows Server 2012
User FALSE Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections HKCU\SOFTWARE\Policies\Microsoft\Workspaces!DefaultConnectionURL At least Windows Server 2012
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect At least Windows Server 2012
Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport At least Windows Server 2012
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM!OSManagedAuthLevel At least Windows Server 2012
Machine FALSE System\Trusted Platform Module Services HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreDefaultList At least Windows Vista This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreLocalList At least Windows Vista This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold
Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!AddAdminGroupToRUP At least Windows Server 2003 operating systems or Windows XP Professional This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!CompatibleRUPSecurity At least Windows Server 2003 operating systems
User FALSE System\User Profiles HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ConnectHomeDirToRoot Windows Server 2003
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!DeleteRoamingCache At least Windows 2000 This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDetectEnabled At least Windows 2000 This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkUIEnabled At least Windows 2000 This policy setting provides users with the ability to download their roaming profile
User FALSE System\User Profiles HKCU\Software\Policies\Microsoft\Windows\System!ExcludeProfileDirs At least Windows 2000 This policy setting lets you exclude folders that are normally included in the user's profile. As a result
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings
User FALSE System\User Profiles HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!LocalProfile At least Windows Server 2003 operating systems or Windows XP Professional This setting determines if roaming user profiles are available on a particular computer. By default
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileDlgTimeOut Windows Server 2003
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileErrorAction At least Windows 2000 This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileUnloadTimeout Windows Server 2003
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ReadOnlyProfile At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkProfileDefault At least Windows 2000 This policy setting directs the system to wait for the remote copy of the roaming user profile to load
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!CleanupProfiles At least Windows Vista This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting
User FALSE System\User Profiles HKCU\Software\Policies\Microsoft\Windows\System!CscSuspendDirs At least Windows Vista This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!DisableForceUnload At least Windows Vista This policy setting controls whether Windows forcefully unloads the user's registry at logoff
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!WaitForNetwork At least Windows Vista This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!MachineProfilePath At least Windows Vista This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod
TRUE
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!PrimaryComputerEnabledRUP At least Windows Server 2012
Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryBackup
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryPassword
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!DefaultRecoveryFolderPath At least Windows Vista This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting
TRUE
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethodNoDiffuser At least Windows Server 2012
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!MorBehavior At least Windows Vista This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!UseEnhancedPin At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSPassphrase
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!TPMAutoReseal At least Windows Server 2012
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!DisallowStandardUserPINReset At least Windows Server 2012 or Windows 8 This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!IdentificationField
Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!CertificateOID At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSUseEnhancedBcdProfile
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecovery
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableNonTPM
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAdvancedStartup
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageNKP At least Windows Server 2012 or Windows 8 This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy
TRUE
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!MinimumPIN At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSEnablePrebootInputProtectorsOnSlates At least Windows Server 2012 or Windows 8 This policy setting allows users to turn on authentication options that require user input from the pre-boot environment
Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSAllowSecureBootForIntegrity At least Windows Server 2012
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecovery
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVPassphrase
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVDiscoveryVolumeType
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVAllowUserCert
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType
Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardwareEncryption
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecovery
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVConfigureBDE
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVPassphrase
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVDiscoveryVolumeType
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVAllowUserCert
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType
Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardwareEncryption
Machine FALSE System\Windows Time Service HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate
Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer
Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!Enabled At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting
Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServer!Enabled At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server
Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockNonDomain At least Windows Server 2012
Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fMinimizeConnections At least Windows Server 2012
Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockRoaming At least Windows Server 2012
Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fDisablePowerManagement At least Windows Server 2012
Machine FALSE System\Troubleshooting and Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled
Machine FALSE System\Troubleshooting and Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled
User FALSE Windows Components\Windows Calendar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal Windows Vista only Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars
Machine FALSE Windows Components\Windows Calendar HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal Windows Vista only Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars
Machine FALSE Windows Components\Add features to Windows 8.1 Preview HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled At least Windows Server 2008 R2 or Windows 7 By default
User FALSE Windows Components\Add features to Windows 8.1 Preview HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled At least Windows Server 2008 R2 or Windows 7 By default
Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!OnlySystemBackup At least Windows Server 2008 This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting
Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToDisk At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting
Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToNetwork At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting
Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToOptical At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting
Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoRunNowBackup At least Windows Server 2008 This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting
User FALSE Windows Components\Windows Color System HKCU\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall At least Windows Vista This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting
Machine FALSE Windows Components\Windows Color System HKLM\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall At least Windows Vista This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting
User FALSE Network\Windows Connect Now HKCU\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi At least Windows Vista This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting
Machine FALSE Network\Windows Connect Now HKLM\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi At least Windows Vista This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting
Machine FALSE Network\Windows Connect Now HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!AllowFastServiceStartup At least Windows Server 2012
Machine FALSE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware At least Windows Vista This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntivirus At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableLocalAdminMerge At least Windows Server 2012
Machine FALSE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableRoutinelyTakingAction At least Windows Vista This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!RandomizeScheduleTaskTimes At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ServiceKeepAlive At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions
Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths
Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes
Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS!DisableProtocolRecognition At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!DisableSignatureRetirement At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate
Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range
Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number
Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name
Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id
Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
Machine TRUE Windows Components\Windows Defender\Quarantine HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!LocalSettingOverridePurgeItemsAfterDelay At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Quarantine HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableInformationProtectionControl At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIntrusionPreventionSystem At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIOAVProtection At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableOnAccessProtection At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRawWriteNotification At least Windows Server 2012
Machine FALSE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRealtimeMonitoring At least Windows Vista This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableScanOnRealtimeEnable At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableBehaviorMonitoring At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableOnAccessProtection At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableIntrusionPreventionSystem At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableIOAVProtection At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableRealtimeMonitoring At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideRealtimeScanDirection At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection
Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!LocalSettingOverrideScan_ScheduleTime At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay
Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!DisableGenericRePorts At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents
Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AllowPause At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor
Machine FALSE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!CheckForSignaturesBeforeRunningScan At least Windows Vista This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate"
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableArchiveScanning At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupFullScan At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupQuickScan At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableEmailScanning At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableHeuristics At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisablePackedExeScanning At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableReparsePointScanning At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRestorePoint At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningMappedNetworkDrivesForFullScan At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningNetworkFiles At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideAvgCPULoadFactor At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScanParameters At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleDay At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleQuickScanTime At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleTime At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanOnlyIfIdle At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime
Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScanOnUpdate At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScheduledSignatureUpdateOnBattery At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableUpdateOnStartupWithoutEngine At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ForceUpdateFromMU At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!RealtimeSignatureDelivery At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureDisableNotification At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval
Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!UpdateOnStartUp At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\MAPS HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!LocalSettingOverrideSpynetReporting At least Windows Server 2012
Machine FALSE Windows Components\Windows Defender\MAPS HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting
Machine TRUE Windows Components\Windows Defender\Threats HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction
Machine TRUE Windows Components\Windows Defender\Threats HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction
Machine TRUE Windows Components\Windows Defender\Client Interface HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!Notification_Suppress At least Windows Server 2012
Machine TRUE Windows Components\Windows Defender\Client Interface HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString
User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoBackButton At least Windows 2000 Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional
User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoFileMru At least Windows 2000 Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it
User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoPlacesBar At least Windows 2000 Removes the shortcut bar from the Open dialog box.This setting
User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClassicShell Windows Server 2008
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ConfirmFileDelete At least Windows Server 2003 operating systems or Windows XP Professional Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!EnforceShellExtensionSecurity At least Windows 2000 This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LinkResolveIgnoreLinkInfo At least Windows 2000 This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MaxRecentDocs Windows Server 2008
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThumbnailCache At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCDBurning At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeAnimation Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeKeyboardNavigationIndicators Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDFSTab At least Windows 2000 This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDrives At least Windows 2000 This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network!NoEntireNetwork Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFileMenu At least Windows 2000 Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFolderOptions At least Windows 2000 This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoHardwareTab At least Windows 2000 Removes the Hardware tab.This setting removes the Hardware tab from Mouse
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoManageMyComputerVerb At least Windows 2000 Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc)
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSharedDocuments Windows XP Professional only This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetConnectDisconnect At least Windows 2000 Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecycleFiles At least Windows Server 2003 operating systems or Windows XP Professional When a file or folder is deleted in File Explorer
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRunasInstallPrompt Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSecurityTab At least Windows Server 2003 operating systems or Windows XP Professional Removes the Security tab from File Explorer.If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoShellSearchButton Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewContextMenu At least Windows 2000 Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewOnDrive At least Windows 2000 Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWinKeys At least Windows Server 2003 Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoComputersNearMe Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PromptRunasInstallNetPath Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RecycleBinSize Windows Server 2003
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior At least Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol
Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior At least Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchInternetTryHarderButton At least Windows Server 2008 R2 or Windows 7 If you enable this policy
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!CheckSameSourceAndTargetForFRAndDFS At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to prevent data loss when you change the target location for Folder Redirection
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!HideContentViewModeSnippets At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableIndexedLibraryExperience At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableSearchBoxSuggestions At least Windows Server 2008 R2 or Windows 7 Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy
Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage At least Windows Vista Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage At least Windows Vista Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation
Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting
User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation At least Windows Server 2012
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowLockOption At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowSleepOption At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowHibernateOption At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoNewAppAlert At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\System!DefaultAssociationsConfiguration At least Windows Server 2012
Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!EnableShellShortcutIconRemotePath At least Windows Server 2012
Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SFCDllCacheDir Windows Server 2003
Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcQuota Windows Server 2003
Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcScan Windows Server 2003
Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcShowProgress Windows Server 2003
Machine FALSE Network\Network Connections\Windows Firewall HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall At least Windows XP Professional with SP2 Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall At least Windows XP Professional with SP2 Turns on Windows Firewall.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions At least Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableNotifications At least Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast At least Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall At least Windows XP Professional with SP2 Turns on Windows Firewall.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions At least Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableNotifications At least Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableUnicastResponsesToMulticastBroadcast At least Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting
Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled
User FALSE Windows Components\Windows Mail HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed At least Windows Vista Denies or allows access to the Windows Mail application.If you enable this setting
Machine FALSE Windows Components\Windows Mail HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed At least Windows Vista Denies or allows access to the Windows Mail application.If you enable this setting
User FALSE Windows Components\Windows Mail HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities At least Windows Vista Windows Mail will not check your newsgroup servers for Communities support.
Machine FALSE Windows Components\Windows Mail HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities At least Windows Vista Windows Mail will not check your newsgroup servers for Communities support.
Machine FALSE Windows Components\Windows Media Digital Rights Management HKLM\Software\Policies\Microsoft\WMDRM!DisableOnline At least Windows Server 2003 Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DisableAutoUpdate Windows Media Player 9 Series and later. This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!GroupPrivacyAcceptance Windows Media Player 9 Series and later. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DontUseFrameInterpolation Windows Media Player 9 Series and later. This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting
User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCDDVDMetadataRetrieval Windows Media Player 9 Series and later. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!PreventLibrarySharing Windows Media Player 11 for Windows XP or Windows Media Player 11 for Windows Vista or later. This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting
User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventMusicFileMetadataRetrieval Windows Media Player 9 Series and later. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!QuickLaunchShortcut Windows Media Player 9 Series and later. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting
User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventRadioPresetsRetrieval Windows Server 2003
Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DesktopShortcut Windows Media Player 9 Series and later. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\Playback HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!EnableScreenSaver Windows Media Player 9 Series and later. This policy setting allows a screen saver to interrupt playback.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\Playback HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCodecDownload Windows Media Player for Windows XP and later. This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!DoNotShowAnchor Windows Server 2003
User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HidePrivacyTab Windows Media Player 9 Series and later. This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideSecurityTab Windows Media Player 9 Series and later. This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideNetworkTab Windows Media Player for Windows XP and later. This policy setting allows you to hide the Network tab.If you enable this policy setting
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy
User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols
Machine FALSE Windows Components\Windows Messenger HKLM\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting
User FALSE Windows Components\Windows Messenger HKCU\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting
Machine FALSE Windows Components\Windows Messenger HKLM\Software\Policies\Microsoft\Messenger\Client!PreventRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting
User FALSE Windows Components\Windows Messenger HKCU\Software\Policies\Microsoft\Messenger\Client!PreventRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowBasic At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowUnencryptedTraffic At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowDigest At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowNegotiate At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowKerberos At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowCredSSP At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts
Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Service HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption Windows 7
User FALSE Windows Components\Windows Update HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption Windows 7
User FALSE Windows Components\Windows Update HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption Windows 7
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption Windows 7
User FALSE Windows Components\Windows Update HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ElevateNonAdmins Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AutoInstallMinorUpdates Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!IncludeRecommendedUpdates At least Windows Vista Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!EnableFeaturedSoftware Windows Server 2008
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AUPowerManagement Windows Server 2008
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 Specifies that to complete a scheduled installation
Machine TRUE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AlwaysAutoRebootAtScheduledTime When Windows Update requires a restart to finish installing updates
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled
Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!AcceptTrustedPublisherCerts At least Windows Server 2003 operating systems or Windows XP Professional with SP1
Machine FALSE Windows Components\Shutdown Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableShutdownNamedPipe At least Windows Vista This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting
Machine FALSE Windows Components\Shutdown Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ShutdownSessionTimeout At least Windows Vista This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting
Machine FALSE System\Shutdown HKLM\Software\Policies\Microsoft\Windows\System!HiberbootEnabled At least Windows Server 2012
Machine FALSE Windows Components\Windows Logon Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisplayLastLogonInfo At least Windows Vista This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level
User FALSE Windows Components\Windows Logon Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DontDisplayLogonHoursWarnings At least Windows Vista This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default
User FALSE Windows Components\Windows Logon Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonHoursAction At least Windows Vista This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation
Machine FALSE Windows Components\Windows Logon Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!SoftwareSASGeneration At least Windows Vista This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting
User TRUE Windows Components\Work Folders HKCU\Software\Policies\Microsoft\Windows\WorkFolders!SyncUrl
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoTileApplicationNotification At least Windows Server 2012
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotification At least Windows Server 2012
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotificationOnLockScreen At least Windows Server 2012
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoCloudApplicationNotification At least Windows Server 2012
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!Enable At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!EntryTime At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!ExitTime At least Windows Server 2012 R2
User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!AllowCalls At least Windows Server 2012 R2
Machine TRUE Network\WWAN Service\WWAN Media Cost HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost3G At least Windows Server 2012
Machine TRUE Network\WWAN Service\WWAN Media Cost HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost4G At least Windows Server 2012
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem
This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus
The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off
The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting
This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes
This setting exists only for backward compatibility
This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected
This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input
This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications
This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example
This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted
This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting
This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone
This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone
This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista
This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting
This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting
This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting
This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting
This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default
This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default
This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default
This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit
HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits
HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits
This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default
This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space
This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache
This policy setting specifies whether the computer will act as a BITS peer caching client. By default
This policy setting specifies whether the computer will act as a BITS peer caching server. By default
This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers
HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy
This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default
This policy setting limits the number of BITS jobs that can be created by a user. By default
This policy setting limits the number of files that a BITS job can contain. By default
This policy setting limits the number of ranges that can be added to a file in a BITS job. By default
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer
If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server.
This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting
This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs
Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications.
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others.
Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications
Prevents users from sharing the whole desktop. They will still be able to share individual applications.
Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications
Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference.
Disables the audio feature of NetMeeting. Users will not be able to send or receive audio.
Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
Prevents users from receiving video. Users will still be able to send video provided they have the hardware."
Prevents users from sending video if they have the hardware. Users will still be able to receive video from others.
Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
Make the automatic acceptance of incoming calls persistent.
Disables the T.126 whiteboard feature of NetMeeting.
Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.
Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely.
Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls.
Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.
Prevents users from changing the way calls are placed
Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book."
Prevents users from receiving files from others in a conference.
Prevents users from sending files to others in a conference.
Prevents users from viewing directories as Web pages in a browser.
Limits the size of files users can send to others in a conference.
Sets the URL NetMeeting will display when the user chooses the Help Online Support command.
Sets the level of security for both outgoing and incoming NetMeeting calls.
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings.
Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings.
Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings.
Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl
This policy setting controls the default Control Panel view
Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl
Disables the Display Control Panel.If you enable this setting
Disables the Color (or Window Color) page in the Personalization Control Panel
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add
Enables desktop screen savers.If you disable this setting
Specifies the screen saver for the user's desktop.If you enable this setting
Determines whether screen savers used on the computer are password protected.If you enable this setting
Specifies how much user idle time must elapse before the screen saver is launched.When configured
Prevents users from adding or changing the background design of the desktop.By default
Prevents users from changing the sound scheme.By default
Prevents users from changing the mouse pointers.By default
Prevents users from changing the desktop icons.By default
This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting
Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting
Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP
This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles)
HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist
This policy setting specifies a default logon domain
This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials
HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials
This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path
This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting
This policy setting prevents users from locking the system.While locked
This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers
This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting
Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting
Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting
Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory
Prevents users from changing the path to their profile folders.By default
Prevents users from using the Desktop Cleanup Wizard.If you enable this setting
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.
This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows
Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista
This setting hides Properties on the context menu for Computer.If you enable this setting
Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop
Removes the Properties option from the Recycle Bin context menu.If you enable this setting
Prevents users from saving certain changes to the desktop.If you enable this setting
Prevents users from adjusting the length of desktop toolbars. Also
Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy
This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting
This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity
This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot
This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses
This policy setting prevents redirection of USB devices.If you enable this setting
HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs
This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies
This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting
This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting
This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default
Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled
This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting
This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system
This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting
This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer
This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting
This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting
Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes
Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting
Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting
Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix
Specifies if DNS client computers will register PTR resource records.By default
Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting
Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates
Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL
Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example
Specifies the security level for dynamic DNS updates.To use this policy setting
Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones
Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution
This policy setting controls the appearance of window animations such as those found when restoring
This policy setting controls the appearance of window animations such as those found when restoring
HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState
HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState
This policy setting controls the ability to change the color of window frames. If you enable this policy setting
This policy setting controls the ability to change the color of window frames. If you enable this policy setting
HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy
This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting
This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting
This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting
This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting
This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy
HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI
This policy setting turns off Windows Error Reporting
This policy setting turns off Windows Error Reporting
This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting
This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting
This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting
This policy setting determines whether Windows Error Reporting (WER) sends additional
This policy setting determines whether Windows Error Reporting (WER) sends additional
This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone
This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors
This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer
This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue
This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting
This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting
This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting
This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting
This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting
This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting
This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size
This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting
This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting
This policy setting turns on logging.If you enable or do not configure this policy setting
This is the program that will be invoked when the user clicks the events.asp link.
This specifies the command line parameters that will be passed to the events.asp program
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.
This policy setting configures File Explorer to always display the menu bar.Note: By default
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately
Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy.
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled
HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files
Encrypting the page file prevents malicious users from reading data that has been paged to disk
These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility
Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs
This policy setting allows you to control whether all redirected shell folders
HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder
This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs
This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane
Hides the Preview Pane in File Explorer.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled
Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting
Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting
Manages download of game update information from Windows Metadata Services.If you enable this setting
This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales
HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales
HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales
This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting
This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting
This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not
This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting
This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting
This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting
This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting
This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting
This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting
This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer
This policy turns off the offer text predictions as I type option. This does not
This policy turns off the insert a space after selecting a text prediction option. This does not
This policy turns off the autocorrect misspelled words option. This does not
This policy turns off the highlight misspelled words option. This does not
This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly
HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection
HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection
This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default
HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization
HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay
This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is
This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default
This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous
This policy setting allows user-based policy processing
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default
This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default
This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers
This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting
This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings
This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting
This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime
HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC
HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime
This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured
This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting
This policy setting lets you always use local ADM files for the Group Policy snap-in.By default
This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink
HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel
This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited
This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited
This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited
This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting
This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting
This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting
This policy setting specifies whether active content links in trusted assistance content are rendered. By default
This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting
This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting
HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication
HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication
This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically
This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting
This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing
This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing
This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition
This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center
This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting
This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting
HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default
This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting
This policy setting specifies whether the tasks "Publish this file to the Web
This policy setting specifies whether the tasks "Publish this file to the Web
This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program
This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name
This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level
"This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A}
Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site
This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features
Designates Shockwave flash as an administrator approved control.If you enable this policy
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93}
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67}
Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy
Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy
Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy
Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy
Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy
Designates Microsoft Survey Control as an administrator approved control.If you enable this policy
This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background
This policy setting determines whether Internet Explorer preemptively loads websites and content in the background
This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting
This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting
This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid
This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting
This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8
This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting
This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting
This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting
This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0
This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0
This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation
This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects
This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example
This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this
This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this
This policy setting allows you to manage whether software
This policy setting allows you to manage whether software
This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting
This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache
This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting
This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting
This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting
This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting
This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting
This policy setting allows you to turn on your script debugger
This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default
This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting
This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting
This policy setting determines whether phone numbers are recognized and turned into hyperlinks
This policy setting determines whether phone numbers are recognized and turned into hyperlinks
HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize
Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer
Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing
Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy
Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy
Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing
Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy
Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing
Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing
Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing
This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize
Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy
Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy
This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting
This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting
This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired"
This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8)
This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting
This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting
This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting
This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page
This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID
This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls
This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors
This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default
Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS
Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING
This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND
Internet Explorer places zone restrictions on each Web page it opens
Internet Explorer places zone restrictions on each Web page it opens
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN
This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING
The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL
Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN
This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet
Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL
This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD
Internet Explorer allows scripts to programmatically open
Internet Explorer allows scripts to programmatically open
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3
This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting
This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions
This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions
This policy setting turns off Automatic Crash Recovery.If you enable this policy setting
This policy setting turns off Automatic Crash Recovery.If you enable this policy setting
This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting
This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally
This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally
This policy setting allows you to turn on or turn off the earlier menus (for example
This policy setting allows you to turn on or turn off the earlier menus (for example
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting
This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting
Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy
This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting
Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting
This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting
This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting
This policy setting allows the user to enable the SmartScreen Filter
This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting
Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy
This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser
This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting
This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting
This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting
This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting
Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts
This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9
This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting
This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar
This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings
This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting
This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files
This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting
This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting
This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available
This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available
This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting
This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting
This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting
Prevents Internet Explorer from automatically installing components.If you enable this policy
This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low
This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting
This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting
This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting
This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting
This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting
This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting
Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy
This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8
This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting
Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy
This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting
Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting
HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow
This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting
Prevents users from changing the browser cache settings
Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy
Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy
Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy
This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting
Prevents users from changing the default Web page colors.If you enable this policy
Prevents users from changing dial-up settings.If you enable this policy
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings
Prevents users from running the Internet Connection Wizard.If you enable this policy
Prevents users from changing font settings.If you enable this policy
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest
HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords
HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage
Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting
Prevents users from changing language preference settings.If you enable this policy
Prevents users from changing the colors of links on Web pages.If you enable this policy
Prevents users from changing the default programs for messaging tasks.If you enable this policy
You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting
You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting
This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting
This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting
Prevents users from changing Profile Assistant settings.If you enable this policy
This policy setting specifies if a user can change proxy settings.If you enable this policy setting
This policy setting specifies if a user can change proxy settings.If you enable this policy setting
Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy
Prevents users from restoring default settings for home and search pages.If you enable this policy
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history
This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history
This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting
This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting
This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting
Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy
Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy
Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy
Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy
Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy
This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting
This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting
This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting
This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting
Applies proxy settings to all users of the same computer.If you enable this policy
This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting
This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed
This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting
This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer
This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting
This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting
This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting
This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting
This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer
This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted
This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting
This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting
This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable
This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms
This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting
This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting
This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting
This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting
This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting
This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting
This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting
This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy
This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful
This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting
This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download
This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting
This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting
This policy setting allows you to manage permissions for Java applets.If you enable this policy setting
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting
This policy setting allows you to manage settings for logon options.If you enable this policy setting
This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable
This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable
This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script
This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting
This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting
This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting
This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting
This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls
This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting
This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting
This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
This policy setting allows you to manage software channel permissions.If you enable this policy setting
This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting
This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting
This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting
This policy setting allows you to manage the preservation of information in the browser's history
This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting
This policy setting allows you to manage whether Web sites from less privileged zones
This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting
This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script
This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on
This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate
This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting
This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting
This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting
This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings
This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting
This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users
This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users
This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting
Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy
Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy
Prevents users from saving the complete contents that are displayed on or run from a Web page
Prevents users from opening a new browser window from the File menu.If this policy is enabled
Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy
Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy
Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy
Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy
Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy
This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8
Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy
Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8
This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8
Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy
Prevents users from displaying the browser in full-screen (kiosk) mode
Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy
This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting
This policy setting specifies whether graphical images are included when pages are displayed.Sometimes
This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting
This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting
This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting
HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit
This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing
This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting
This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting
This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting
This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting
This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting
This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting
This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting
This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved)
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved)
HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt
HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt
This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting
This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting
This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar
This policy setting allows the user to run natively implemented
This policy setting allows the user to run natively implemented
This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting
This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008
This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button
This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting
This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting
This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting
This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8
The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also
This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting
This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting
This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting
This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting
Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy
Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons
This policy setting allows you to show or hide the Command bar.If you enable this policy setting
This policy setting allows you to show or hide the Command bar.If you enable this policy setting
This policy setting allows you to show or hide the status bar.If you enable this policy setting
This policy setting allows you to show or hide the status bar.If you enable this policy setting
This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting
This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting
This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting
This policy setting allows you to choose among three different labels for command buttons: show all text labels
This policy setting allows you to choose among three different labels for command buttons: show all text labels
This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting
This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting
This policy setting allows you to manage where tabs are displayed.If you enable this policy setting
This policy setting allows you to manage where tabs are displayed.If you enable this policy setting
This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting
This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting
This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting
This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting
This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting
This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting
This policy setting controls the Suggested Sites feature
This policy setting controls the Suggested Sites feature
This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies
This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default
This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content
This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However
This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting
This policy setting allows you to add non-default Accelerators.If you enable this policy setting
This policy setting allows you to add non-default Accelerators.If you enable this policy setting
This policy setting allows you to add default Accelerators.If you enable this policy setting
This policy setting allows you to add default Accelerators.If you enable this policy setting
This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting
This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting
This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting
This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
This policy setting controls the Compatibility View feature
This policy setting controls the Compatibility View feature
This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting
This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting
This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting
Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting
This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed
This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting
This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting
This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting
This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting
This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting
This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting
This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting
This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting
This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting
This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting
This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit
This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed
This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default
This policy setting configures what Internet Explorer displays when a new browsing session is started. By default
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting
This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide
This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide
This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting
Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy
If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed.
If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed.
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed.
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed.
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one.
This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled
This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch
This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled
HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled
HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize
This policy setting specifies whether a hash generation service generates hashes
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled
This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista
This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting
This policy setting forces the user to log on to the computer using the classic logon screen. By default
This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting
This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting
This policy setting determines whether Group Policy processing is synchronous (that is
This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting
This policy setting allows you to hide the Switch User interface in the Logon UI
This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup
This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting
This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos
Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode
Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting
Permits or prohibits use of this snap-in.If you enable this setting
This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting
HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run
HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run
This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting
This policy setting turns off Windows Mobility Center.If you enable this policy setting
This policy setting turns off Windows Mobility Center.If you enable this policy setting
This policy setting turns off Windows presentation settings.If you enable this policy setting
This policy setting turns off Windows presentation settings.If you enable this policy setting
This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled
This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled
This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting
This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting
This policy setting allows users to patch elevated products.If you enable this policy setting
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting
This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting
This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting
This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting
This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting
This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting
This policy setting prevents users from installing any programs from removable media.If you enable this policy setting
This policy setting restricts the use of Windows Installer.If you enable this policy setting
This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting
This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting
This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting
This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting
This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users
This policy setting allows you to configure user installs. To configure this policy setting
This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting
This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0
Specifies the types of events that Windows Installer records in its transaction log for each installation. The log
This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting
This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting
This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting
This policy setting controls the ability to turn off shared components.If you enable this policy setting
This policy setting controls the ability to prevent embedded UI.If you enable this policy setting
This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting
Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator
Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example
Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option
Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured
Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address
Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default
Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands.
This policy setting enables you to specify the URL of the corporate website
This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network.
This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting
This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example
This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs
This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default
This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon
This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs
This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified
This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default
This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service
This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting
This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers
This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered
This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides
This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records
This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service
This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific
This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides
This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites
This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6
This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name
Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed
Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional
This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default
Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled
Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection
Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection
Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection
Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection
This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting
Specifies whether or not the "local access only" network icon will be shown.When enabled
This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess
This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting
This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting
This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting
This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting
At least Windows Server 2003 operating systems Service Pack 1
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting
This policy setting prevents users from making network files and folders available offline.If you enable this policy setting
This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting
Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow
This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting
HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled
HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit
HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled
This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached
This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting
This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is
This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
This policy setting allows you to configure the Family Safety feature.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled
This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting
This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting
This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy
This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy
This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting
Turns off Tablet PC Pen Training.If you enable this policy setting
Turns off Tablet PC Pen Training.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled
This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting
This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting
This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting
This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting
This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting
This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting
This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting
This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting
This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting
This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg
This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting
This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting
This policy setting allows you to turn off hybrid sleep.If you enable this policy setting
This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting
This policy setting allows you to turn off hybrid sleep.If you enable this policy setting
This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting
This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting
This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting
This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting
This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting
This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting
This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting
This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting
This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting
This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting
This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting
This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts
HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts
HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging
HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging
HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath
HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file
This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting
This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting
This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting
This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting
This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting
Internet printing lets you display printers on Web pages so that printers can be viewed
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State
Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it
Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled
HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State
This policy restricts clients computers to use package point and print only.If this setting is enabled
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList
This policy restricts clients computers to use package point and print only.If this setting is enabled
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList
Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting
HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted
HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted
Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting
Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes)
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process
This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting
This policy controls whether the print spooler will accept client connections.When the policy is unconfigured
Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond
Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally
Sets the priority of the pruning thread. The pruning thread
Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message
Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt
Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it
Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default
Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall
This setting prevents users from accessing "Programs and Features" to view
This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured
This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result
This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View
This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View
This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state
This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting
Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit
Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default
Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled
Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting
This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp
HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting
This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting
This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting
This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write
This policy setting denies read access to the Floppy Drives removable storage class
This policy setting denies read access to the Floppy Drives removable storage class
This policy setting denies write access to the Floppy Drives removable storage class
This policy setting denies write access to the Floppy Drives removable storage class
This policy setting denies execute access to the Floppy Drives removable storage class
This policy setting denies read access to removable disks.If you enable this policy setting
This policy setting denies read access to removable disks.If you enable this policy setting
This policy setting denies write access to removable disks.If you enable this policy setting
This policy setting denies write access to removable disks.If you enable this policy setting
This policy setting denies execute access to removable disks.If you enable this policy setting
Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting
This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting
This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting
This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read
HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write
HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write
This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting
This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting
HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation
This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases
This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting
This policy setting determines whether the RPC Runtime maintains RPC state information for the system
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default
This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default
This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting
This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default
This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default
This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default
This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default
This policy setting allows user logon scripts to run when the logon cross-forest
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting
This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting
This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution
Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured
This policy setting determines when Windows uses automatic language detection results
This policy setting disables indexing of removable drives.
This policy setting allows you to control whether or not Search can perform queries on the web
This policy setting allows you to control whether or not Search can perform queries on the web over metered connections
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch
This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting
Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0
This policy setting prevents search queries from being stored in the registry. If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs
This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on
This policy setting turns off the sensor feature for this computer. If you enable this policy setting
This policy setting turns off the sensor feature for this computer. If you enable this policy setting
This policy setting turns off the location feature for this computer. If you enable this policy setting
This policy setting turns off the location feature for this computer. If you enable this policy setting
This policy setting turns off scripting for the location feature. If you enable this policy setting
This policy setting turns off scripting for the location feature. If you enable this policy setting
This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting
This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync
HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync
Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting
Specifies an alternate location for Windows installation files.If you enable this policy setting
Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting
This policy setting specifies whether users can add computers to a homegroup. By default
This policy setting prevents users from running the interactive command prompt
Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun
This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista
This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting
This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period
This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting
This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows
This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting
This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off.
This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card.
This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting
This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example
This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain
This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting
This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network
This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting
This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting
Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled
If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy
This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting
Clear history of recently opened documents on exit.If you enable this setting
Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment
Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area
This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting
HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled
HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled
HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout
HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout
Removes items in the All Users profile from the Programs menu on the Start menu.By default
This policy setting allows you to remove the Search link from the Start menu
This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting
This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting
This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting
Allows you to remove the Run command from the Start menu
This policy setting allows you to remove programs on Settings menu.If you enable this policy setting
This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting
This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting
Prevents the clock in the system notification area from being displayed.If you enable this setting
This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting
This setting affects the taskbar.The taskbar includes the Start button
This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting
This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled
This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting
This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting
This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result
This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting
This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting
This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting
Set the default action of the power button on the Start menu.If you enable this setting
Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users
Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users
HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState
HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState
Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text
Prevents start of InkBall game.If you enable this policy
Prevents start of InkBall game.If you enable this policy
Prevents start of Windows Journal.If you enable this policy
Prevents start of Windows Journal.If you enable this policy
Prevents printing to Journal Note Writer.If you enable this policy
Prevents printing to Journal Note Writer.If you enable this policy
Prevents the snipping tool from running.If you enable this policy setting
Prevents the snipping tool from running.If you enable this policy setting
Removes the Back->ESC mapping that normally occurs when menus are visible
Removes the Back->ESC mapping that normally occurs when menus are visible
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy
Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy
Prevents press and hold actions on hardware buttons
Prevents press and hold actions on hardware buttons
Turns off Tablet PC hardware buttons.If you enable this policy
Turns off Tablet PC hardware buttons.If you enable this policy
This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting
This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting
This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting
This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting
This policy setting allows you to lock all taskbar settings.If you enable this policy setting
This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting
This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting
This policy setting allows you to turn off all notification balloons.If you enable this policy setting
This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting
This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting
This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting
This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting
This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting
This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files
This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting
This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting
This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting
This policy setting allows you to configure 6to4
This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting
This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting
This policy setting allows you to configure Teredo
This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting
This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default
This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0
This policy setting allows you to set Teredo to be ready to communicate
HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState
This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting
This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default
This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting
This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer
This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session
This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero
This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting
This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default
This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth
This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example
This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting
Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server
This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting
This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default
This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance
This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default
This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable
This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting
This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default
This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded
This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default
This policy setting allows you to enable RemoteApp programs to use advanced graphics
This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram
This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC
This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example
This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance
This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer
This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default
This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default
This policy setting allows you to control the redirection of supported Plug and Play devices
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled
This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is
This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting
This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default
This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting
This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting
This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server
HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate
HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold
HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold
This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile
This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default
This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link
This policy setting provides users with the ability to download their roaming profile
This policy setting lets you exclude folders that are normally included in the user's profile. As a result
This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota
This setting determines if roaming user profiles are available on a particular computer. By default
This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading
This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default
This policy setting directs the system to wait for the remote copy of the roaming user profile to load
HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate
This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting
This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection
This policy setting controls whether Windows forcefully unloads the user's registry at logoff
This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize
This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting
HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod
HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation
This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting
This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters
This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs
This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute
This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled
This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting
This policy setting allows users to turn on authentication options that require user input from the pre-boot environment
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting
HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess
HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate
HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer
This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting
This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars
Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting
This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting
This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting
This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting
This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting
This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting
This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars
This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting
This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting
HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass
HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths
HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id
HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid
HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay
This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize
HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay
HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents
HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate"
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime
HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval
HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval
HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting
HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction
HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction
HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString
Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional
Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it
Removes the shortcut bar from the Open dialog box.This setting
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0
Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting
This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting
This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path
This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting
This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting
This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also
Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open
Removes the Hardware tab.This setting removes the Hardware tab from Mouse
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc)
This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup
Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting
When a file or folder is deleted in File Explorer
Removes the Security tab from File Explorer.If you enable this setting
Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting
Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting
Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example
This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch
HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary
This policy setting allows you to prevent data loss when you change the target location for Folder Redirection
HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders
This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting
This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy
Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation
Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation
This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting
This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting
This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer)
HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen
HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized
Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled
Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting
Turns on Windows Firewall.If you enable this policy setting
Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets
Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled
Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled
Turns on Windows Firewall.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled
Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled
Denies or allows access to the Windows Mail application.If you enable this setting
Denies or allows access to the Windows Mail application.If you enable this setting
Windows Mail will not check your newsgroup servers for Communities support.
Windows Mail will not check your newsgroup servers for Communities support.
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled
This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting
This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting
This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting
This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting
This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting
This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting
This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting
This policy setting allows a screen saver to interrupt playback.If you enable this policy setting
This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting
This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting
This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy
This policy setting allows you to hide the Network tab.If you enable this policy setting
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy
HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting
This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting
This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting
This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting
HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts
HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled
This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled
Specifies that to complete a scheduled installation
When Windows Update requires a restart to finish installing updates
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled
HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled
At least Windows Server 2003 operating systems or Windows XP Professional with SP1
This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting
This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level
This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default
This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation
This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting
Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem
This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected
This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example
This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone
This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone
This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting
This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default
This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default
This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space
This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers
This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer
Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application.
Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode.
Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited.
Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it.
Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always.
Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used.
Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add
This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles)
This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers
Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting
Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting
Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting
Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory
Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods.
This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting
This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity
This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example
This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting
This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting
Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting
This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default
This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting
This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system
This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting
This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting
Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting
Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix
Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting
Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL
This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting
This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting
This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting
This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors
This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting
This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests.
This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting
This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios.
Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files.
These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility
Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting
This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not
This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting
This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting
This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting
This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting
This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer
This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly
This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous
This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings
This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers
This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited
This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively
This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting
This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition
This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center
This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products
This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting
This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting
This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet
Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site
Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy
Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy
Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy
This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default
This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default
Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy
Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy
Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing
Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy
Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing
This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download
This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page
Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy
Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting
Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy
This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting
Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy
Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy
Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy
This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting
This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users
This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users
This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8
This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting
This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting
This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing
This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting
This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting
If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS.
If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established.
If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established.
If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established.
This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting
This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting
This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting
This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup
This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting
This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting
This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note
This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting
This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting
This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting
This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting
This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users
This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting
This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting
This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting
Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator
Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option
Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured
This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity.
This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity.
This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity.
This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example
This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs
This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default
This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon
This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default
This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting
This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting
This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs
This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified
This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled
This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default
This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered
This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service
This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific
This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites
This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6
This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name
Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection
Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection
Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting)
Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection
Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection
This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting
Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow
This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting
This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached
This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting
This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol
This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting
This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy
This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy
This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting
This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting
This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting
This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting
This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting
This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg
Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes)
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process
Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond
Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default
This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall
Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View
Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default
Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting
This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel
This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting
This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting
This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting
This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon
This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default
This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default
This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default
This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default
This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default
This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default
This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting
Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis
Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis
This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document
This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on
This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting
This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting
This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista
This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows
This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain
This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting
This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting
This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting
This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network
Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area
Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting
This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting
This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting
This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting
This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting
If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result
Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users
This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files
This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting
This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting
This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting
This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session
This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero
This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting
This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example
This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting
This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting
This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default
This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect
This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default
This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default
This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting
This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer
This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting
This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting
This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client
This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting
This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting
This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting
This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default
This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting
This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting
This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile
This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default
This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading
This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection
This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting
This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters
This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting
This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting
This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting
This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting
This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate"
This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting
This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also
Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu.
This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open
Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc)
This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting
This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting
This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting
This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting
Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled
Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled
This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting
This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level
Status Policy Path
Computer Configuration\Windows Settings\Account Policies\Password Policy
Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Computer Configuration\Windows Settings\Security Settings\System Services
Computer Configuration\Windows Settings\Security Settings\Registry
Computer Configuration\Windows Settings\Security Settings\File System
Policy Name Supported On
Enforce password history At least Windows XP SP2, Windows Server 2003
Maximum password age At least Windows XP SP2, Windows Server 2003
Minimum password age At least Windows XP SP2, Windows Server 2003
Minimum password length At least Windows XP SP2, Windows Server 2003
Password must meet complexity requirement At least Windows XP SP2, Windows Server 2003
Store passwords using reversible encryption for all users in the domain At least Windows XP SP2, Windows Server 2003
Account lockout duration At least Windows XP SP2, Windows Server 2003
Account lockout threshold At least Windows XP SP2, Windows Server 2003
Reset lockout counter after At least Windows XP SP2, Windows Server 2003
Enforce user logon restrictions At least Windows XP SP2, Windows Server 2003
Maximum lifetime for service ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket renewal At least Windows XP SP2, Windows Server 2003
Maximum tolerance for computer clock synchronization At least Windows XP SP2, Windows Server 2003
Audit account logon events At least Windows XP SP2, Windows Server 2003
Audit account management At least Windows XP SP2, Windows Server 2003
Audit directory service access At least Windows XP SP2, Windows Server 2003
Audit logon events At least Windows XP SP2, Windows Server 2003
Audit object access At least Windows XP SP2, Windows Server 2003
Audit policy change At least Windows XP SP2, Windows Server 2003
Audit privilege use At least Windows XP SP2, Windows Server 2003
Audit process tracking At least Windows XP SP2, Windows Server 2003
Audit system events At least Windows XP SP2, Windows Server 2003
Access this computer from the network At least Windows XP SP2, Windows Server 2003
Access Credential Manager as a trusted caller At least Windows Vista, Windows Server 2008
Act as part of the operating system At least Windows XP SP2, Windows Server 2003
Add workstations to a domain At least Windows XP SP2, Windows Server 2003
Adjust memory quotas for a process At least Windows XP SP2, Windows Server 2003
Allow log on locally At least Windows XP SP2, Windows Server 2003
Allow log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Backup files and directories At least Windows XP SP2, Windows Server 2003
Bypass traverse checking At least Windows XP SP2, Windows Server 2003
Change the system time At least Windows XP SP2, Windows Server 2003
Change the time zone At least Windows Vista, Windows Server 2008
Create a pagefile At least Windows XP SP2, Windows Server 2003
Create a token object At least Windows XP SP2, Windows Server 2003
Create global objects At least Windows XP SP2, Windows Server 2003
Create permanent shared objects At least Windows XP SP2, Windows Server 2003
Create Symbolic Links At least Windows Vista, Windows Server 2008
Debug programs At least Windows XP SP2, Windows Server 2003
Deny access to this computer from the network At least Windows XP SP2, Windows Server 2003
Deny log on as a batch job At least Windows XP SP2, Windows Server 2003
Deny log on as a service At least Windows XP SP2, Windows Server 2003
Deny log on locally At least Windows XP SP2, Windows Server 2003
Deny log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Enable computer and user accounts to be trusted for delegation At least Windows XP SP2, Windows Server 2003
Force shutdown from a remote system At least Windows XP SP2, Windows Server 2003
Generate security audits At least Windows XP SP2, Windows Server 2003
Impersonate a client after authentication At least Windows XP SP2, Windows Server 2003
Increase a process working set At least Windows Vista, Windows Server 2008
Increase scheduling priority At least Windows XP SP2, Windows Server 2003
Load and unload device drivers At least Windows XP SP2, Windows Server 2003
Lock pages in memory At least Windows XP SP2, Windows Server 2003
Log on as a batch job At least Windows XP SP2, Windows Server 2003
Log on as a service At least Windows XP SP2, Windows Server 2003
Log on locally Only Windows XP SP2
Manage auditing and security log At least Windows XP SP2, Windows Server 2003
Modify an object label At least Windows Vista, Windows Server 2008
Modify firmware environment values At least Windows XP SP2, Windows Server 2003
Perform volume maintenance tasks At least Windows XP SP2, Windows Server 2003
Profile single process At least Windows XP SP2, Windows Server 2003
Profile system performance At least Windows XP SP2, Windows Server 2003
Remove computer from docking station At least Windows XP SP2, Windows Server 2003
Replace a process level token At least Windows XP SP2, Windows Server 2003
Restore files and directories At least Windows XP SP2, Windows Server 2003
Shut down the system At least Windows XP SP2, Windows Server 2003
Synchronize directory service data At least Windows XP SP2, Windows Server 2003
Take ownership of files or other objects At least Windows XP SP2, Windows Server 2003
Accounts: Administrator account status Windows XP SP2, Windows Server 2003
Accounts: Block Microsoft accounts Windows 8, Windows Server 2012
Accounts: Guest account status At least Windows XP SP2, Windows Server 2003
Accounts: Limit local account use of blank passwords to console logon only At least Windows XP SP2, Windows Server 2003
Accounts: Rename administrator account At least Windows XP SP2, Windows Server 2003
Accounts: Rename guest account At least Windows XP SP2, Windows Server 2003
Audit: Audit the accesss of global system objects At least Windows XP SP2, Windows Server 2003
Audit: Audit the use of Backup and Restore privilege At least Windows XP SP2, Windows Server 2003
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings At least Windows Vista, Windows Server 2008
Audit: Shut down system immediately if unable to log security audits At least Windows XP SP2, Windows Server 2003
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003
Devices: Allow undock without having to log on At least Windows XP SP2, Windows Server 2003
Devices: Allowed to format and eject removable media At least Windows XP SP2, Windows Server 2003
Devices: Prevent users from installing printer drivers At least Windows XP SP2, Windows Server 2003
Devices: Restrict CD-ROM access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Restrict floppy access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Unsigned driver installation behavior Only Windows XP SP2, Windows Server 2003
Domain controller: Allow server operators to schedule tasks At least Windows XP SP2, Windows Server 2003
Domain controller: LDAP server signing requirements At least Windows XP SP2, Windows Server 2003
Domain controller: Refuse machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt or sign secure channel data (always) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally sign secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Disable machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Maximum machine account password age At least Windows XP SP2, Windows Server 2003
Domain member: Require strong (Windows 2000 or later) session key At least Windows XP SP2, Windows Server 2003
Interactive logon: Do not display last user name At least Windows XP SP2, Windows Server 2003
Interactive Logon: Display user information when session is locked At least Windows Vista, Windows Server 2008
Interactive logon: Do not require CTRL+ALT+DEL At least Windows XP SP2, Windows Server 2003
Interactive logon: Machine account lockout threshold Windows 8, Windows Server 2012
Interactive logon: Machine inactivity limit Windows 8, Windows Server 2012
Interactive logon: Message text for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Message title for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Number of previous logons to cache (in case domain controller is not available) At least Windows XP SP2, Windows Server 2003
Interactive logon: Prompt user to change password before expiration At least Windows XP SP2, Windows Server 2003
Interactive logon: Require Domain Controller authentication to unlock workstationAt least Windows XP SP2, Windows Server 2003
Interactive logon: Require smart card At least Windows XP SP2, Windows Server 2003
Interactive logon: Smart card removal behavior At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (if server agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Send unencrypted password to third-party SMB serversAt least Windows XP SP2, Windows Server 2003
Microsoft network server: Amount of idle time required before suspending session At least Windows XP SP2, Windows Server 2003
Microsoft network server: Attempt S4U2Self to obtain claim information Windows 8, Windows Server 2012
Microsoft network server: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Digitally sign communications (if client agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Disconnect clients when logon hours expire At least Windows XP SP2, Windows Server 2003
Microsoft network server: Server SPN target name validation level At least Windows 7, Windows Server 2008 R2
Network access: Allow anonymous SID/Name translation At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts and shares At least Windows XP SP2, Windows Server 2003
Network access: Do not allow storage of passwords and credentials for network authentication At least Windows XP SP2, Windows Server 2003
Network access: Let Everyone permissions apply to anonymous users At least Windows XP SP2, Windows Server 2003
Network access: Named Pipes that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths and sub-paths At least Windows XP SP2, Windows Server 2003
Network access: Restrict anonymous access to Named Pipes and Shares At least Windows XP SP2, Windows Server 2003
Network access: Shares that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Sharing and security model for local accounts At least Windows XP SP2, Windows Server 2003
Network security: Do not store LAN Manager hash value on next password change At least Windows XP SP2, Windows Server 2003
Network security: Force logoff when logon hours expire At least Windows XP SP2, Windows Server 2003
Network security: LAN Manager authentication level At least Windows XP SP2, Windows Server 2003
Network security: LDAP client signing requirements At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers At least Windows XP SP2, Windows Server 2003
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Incoming NTLM traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit Incoming NTLM Traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add server exceptions in this domain At least Windows 7, Windows Server 2008 R2
Network security: Allow LocalSystem NULL session fallback At least Windows 7, Windows Server 2008 R2
Network security: Allow Local System to use computer identity for NTLM At least Windows 7, Windows Server 2008 R2
Network security: Allow PKU2U authentication requests to this computer to use online identities. At least Windows 7, Windows Server 2008 R2
Network security: Configure encryption types allowed for Kerberos At least Windows 7, Windows Server 2008 R2
Recovery console: Allow automatic administrative logon At least Windows XP SP2, Windows Server 2003
Recovery console: Allow floppy copy and access to all drives and all folders At least Windows XP SP2, Windows Server 2003
Shutdown: Allow system to be shut down without having to log on At least Windows XP SP2, Windows Server 2003
Shutdown: Clear virtual memory pagefile At least Windows XP SP2, Windows Server 2003
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing At least Windows XP SP2, Windows Server 2003
System cryptography: Force strong key protection for user keys stored on the computer At least Windows XP SP2, Windows Server 2003
System objects: Default owner for objects created by members of the Administrators group At least Windows XP SP2, Windows Server 2003
System objects: Require case insensitivity for non-Windows subsystems At least Windows XP SP2, Windows Server 2003
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) Windows XP SP2, Windows Server 2003
System settings: Optional subsystems At least Windows Vista, Windows Server 2003
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies At least Windows Vista, Windows Server 2003
User Account Control: Admin Approval Mode for the Built-in Administrator account At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for standard users At least Windows Vista, Windows Server 2008
User Account Control: Detect application installations and prompt for elevation At least Windows Vista, Windows Server 2008
User Account Control: Only elevate executables that are signed and validated At least Windows Vista, Windows Server 2008
User Account Control: Only elevate UIAccess applications that are installed in
secure locations
At least Windows Vista, Windows Server 2008
User Account Control: Run all administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Switch to the secure desktop when prompting for elevation At least Windows Vista, Windows Server 2008
User Account Control: Virtualize file and registry write failures to per-user locations At least Windows Vista, Windows Server 2008
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. At least Windows Vista, Windows Server 2008
Maximum application log size Only Windows XP SP2, Windows Server 2003
Maximum security log size Only Windows XP SP2, Windows Server 2003
Maximum system log size Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing application log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing security log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing system log Only Windows XP SP2, Windows Server 2003
Retain application log Only Windows XP SP2, Windows Server 2003
Retain security log Only Windows XP SP2, Windows Server 2003
Retain system log Only Windows XP SP2, Windows Server 2003
Retention method for application log Only Windows XP SP2, Windows Server 2003
Retention method for security log Only Windows XP SP2, Windows Server 2003
Retention method for system log Only Windows XP SP2, Windows Server 2003
Restricted Groups Only Windows XP SP2, Windows Server 2003
System Services Only Windows XP SP2, Windows Server 2003
Registry Only Windows XP SP2, Windows Server 2003
File System Only Windows XP SP2, Windows Server 2003
Registry Settings
Password Policy security settings are not registry keys.
Account Lockout Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
User Rights security settings are not registry keys
Not a registry key
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswo
rdUse
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditi
ng
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLega
cyAuditPolicy
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineAccessRestriction
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineLaunchRestriction
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst
em\UndockWithoutLogon
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMa
n Print Services\Servers\AddPrinterDrivers
NT\CurrentVersion\Winlogon\AllocateCDRoms
NT\CurrentVersion\Winlogon\AllocateFloppies
MACHINE\Software\Microsoft\Driver Signing\Policy
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\L
DAPServerIntegrity
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
\RefusePasswordChange
\RequireSignOrSeal
\SealSecureChannel
\SignSecureChannel
\DisablePasswordChange
\MaximumPasswordAge
\RequireStrongKey
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName
Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Syste
m, value=DontDisplayLockedUserId
em\DisableCAD
Not a registry key
Not a registry key
em\LegalNoticeText
em\LegalNoticeCaption
NT\CurrentVersion\Winlogon\CachedLogonsCount
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
NT\CurrentVersion\Winlogon\ForceUnlockLogon
em\ScForceOption
NT\CurrentVersion\Winlogon\ScRemoveOption
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\
Parameters\RequireSecuritySignature
Parameters\EnableSecuritySignature
Parameters\EnablePlainTextPassword
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\AutoDisconnect
Not a registry key
meters\RequireSecuritySignature
meters\EnableSecuritySignature
meters\EnableForcedLogOff
meters\SmbServerNameHardeningLevel
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
sSAM
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
s
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCre
ds
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludes
Anonymous
meters\NullSessionPipes
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
meters\NullSessionShares
meters\NullSessionShares
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownulls
essionfallback
MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId
MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnline
ID
em\Kerberos\Parameters\SupportedEncryptionTypes
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
em\ShutdownWithoutLogon
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPoli
cy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtec
tion
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminO
wner
Manager\Kernel\ObCaseInsensitive
Manager\ProtectionMode
Manager\SubSystems\optional
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifier
s\AuthenticodeEnabled
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Filt
erAdministratorToken
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorUser
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En
ableInstallerDetection
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Val
idateAdminCodeSignatures
ableSecureUIAPaths
ableLUA
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Pro
mptOnSecureDesktop
ableVirtualization
ableUIADesktopToggle
Event Log security settings are not registry keys.
Restricted Groups policy settings are not registry keys.
System Services policy settings are not registry keys.
not a registry key
File System policy settings are not registry keys.
Help Text
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Password must meet complexity requirements
Store passwords using reversible encryption
Account lockout duration
Account lockout threshold
Reset account lockout counter after
Enforce user logon restrictions
Maximum lifetime for service ticket
Maximum lifetime for user ticket
Maximum lifetime for user ticket renewal
Maximum tolerance for computer clock synchronization
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
Access this computer from the network
This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon.
Users saved credentials might be compromised if this privilege is given to other entities.
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
Allow log on locally
Allow log on through Remote Desktop Services
Back up files and directories
Bypass traverse checking
Change the system time
Change the Time Zone
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Create Symbolic Links
Debug programs
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase a process working set
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify an object label
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects
Accounts: Administrator account status
Accounts: Block Microsoft accounts
Accounts: Guest account status
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Rename administrator account
Accounts: Rename guest account
Audit: Audit the access of global system objects
Audit: Audit the use of Backup and Restore privilege
Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.
Audit: Shut down system immediately if unable to log security audits
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on
Devices: Allowed to format and eject removable media
Devices: Prevent users from installing printer drivers when connecting to shared printers
Devices: Restrict CD-ROM access to locally logged-on user only
Devices: Restrict floppy access to locally logged-on user only
Devices: Unsigned driver installation behavior
Domain controller: Allow server operators to schedule tasks
Domain controller: LDAP server signing requirements
Domain controller: Refuse machine account password changes
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Domain member: Maximum machine account password age
Domain member: Require strong (Windows 2000 or later) session key
Interactive logon: Do not display last user name
This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.
Interactive Logon: Display user information when session is locked
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Machine account threshold.
The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that
Interactive logon: Machine inactivity limit.
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Interactive logon: Prompt user to change password before expiration
Interactive logon: Require Domain Controller authentication to unlock
Interactive logon: Require smart card
Interactive logon: Smart card removal behavior
Microsoft network client: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (if server agrees)
Microsoft network client: Send unencrypted password to connect to third-party SMB servers
Microsoft network server: Amount of idle time required before suspending a session
Microsoft network server: Attempt S4U2Self to obtain claim information
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Microsoft network server: Disconnect clients when logon hours expire
Microsoft network server: Server SPN target name validation level

Network access: Allow anonymous SID/name translation
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Do not allow storage of credentials or .NET Passports for network authentication
Network access: Let Everyone permissions apply to anonymous users
Network access: Named pipes that can be accessed anonymously
Network access: Remotely accessible registry paths
Network access: Remotely accessible registry paths and subpaths
Network access: Restrict anonymous access to Named Pipes and Shares
Network access: Shares that can be accessed anonymously
Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change
Network security: Force logoff when logon hours expire
Network security: LAN Manager authentication level

Network security: LDAP client signing requirements
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security: Restrict NTLM: Incoming NTLM traffic
Network security: Restrict NTLM: Audit Incoming NTLM Traffic
Network security: Restrict NTLM: NTLM authentication in this domain
Network security: Restrict NTLM: Audit NTLM authentication in this domain
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication
Network security: Restrict NTLM: Add server exceptions in this domain
Network security: Allow LocalSystem NULL session fallback
Network security: Allow Local System to use computer identity for NTLM
Network security: Allow PKU2U authentication requests to this computer to use online identities.
Network security: Configure encryption types allowed for Kerberos
Recovery console: Allow automatic administrative logon
Recovery console: Allow floppy copy and access to all drives and all folders
Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile
System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms
System Cryptography: Force strong key protection for user keys stored on the computer
System objects: Default owner for objects created by members of the Administrators group
Description
System objects: Require case insensitivity for non-Windows subsystems
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links)
System settings: Optional subsystems
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Behavior of the elevation prompt for standard users
This security setting determines the behavior of the elevation prompt for standard users
User Account Control: Detect application installations and prompt for elevation
User Account Control: Only elevate executables that are signed and validated
User Account Control: Only elevate UIAccess applications that are installed in secure locations
User Account Control: Run all users, including administrators, as standard users.
User Account Control: Switch to the secure desktop when prompting for elevation
User Account Control: Virtualizes file and registry write failures to per-user locations
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
Maximum application log size
Maximum security log size
Maximum system log size
Prevent local guests group and ANONYMOUS LOGIN users from accessing application log
Prevent local guests group and ANONYMOUS LOGIN users from accessing security log
Prevent local guests group and ANONYMOUS LOGIN users from accessing system log
Retain application log
Retain security log
Retain system log
Retention method for application log
Retention method for security log
Retention method for system log
Restricted Groups
System Services security settings
Registry security settings
File System security settings
Reboot
Required
Comments
No
No
No
No
No
No
No
No
No
No clients will get the new
setting after a maximum
No
No
No
No
No
No
No
No
No
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Note: In Windows 2000
Server, Windows 2000
No Logoff required
No Note: See also the
corresponding Windows
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No
No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No For the policy change to
take effect, the spooler
No
No
No
Yes Restart of service might
be sufficient
No
No
No Important: In order to
take advantage of this
No
No
No
No Important: This setting
applies to Windows
No
No
No
No
No
No
No
No
No
applies to Windows
will apply to any
No Only LogOff is required
for W2K, XP and W2K3
Yes Important: For this
policy to take effect on
Yes
Yes
Yes
No
Yes Important: For this
policy to take effect on
No
No
No
No
No Important: This policy
has no impact on
No
No
No
Yes
No Important: The
Network access:
No Important: On
Windows XP, this
Yes
Yes
only affects computers
No Important: Windows
2000 Service Pack 2
No
can affect the ability of
Yes
No Warning: This setting
will apply to any
No Warning: This setting
will apply to any
No
No
No
No
No
No
No
No
No
No
No
No Require restart of
recovery console
No
Require restart of
recovery console
No Requires logoff
Yes Vista does NOT require
reboot
No
Yes Requires reboot with
CNG on Vista; Does not
No This policy does not
exist on Vista
Yes
Yes
Yes
No
No
No
No
No
No
No
Yes
No
No
No
No Note: This setting does
not appear in the Local
No Notes: This setting
does not appear in the
Note: This setting does

WindowsServer2012R2andWindows8 1GroupPolicySettings

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WindowsServer2012R2andWindows8 1GroupPolicySettings

Uploaded by

Copyright:

Available Formats

Group Policy Settings Reference

Windows Server 2012R2 and Windows 8.1

You might also like