This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs, Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs. These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs). You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column. To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter, and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8. Legal Notice This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. Some examples depicted herein are provided for illustration only and are fictitious. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. 2013 Microsoft Corporation. All rights reserved. Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners. This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx and .adml) delivered with Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs, Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft Windows 2000 with SP5 or earlier service packs. These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (GPOs). You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combination of values that are available in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering criteria within that column. To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on which you want to filter, and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Windows 8, in the Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server 2012 or Windows 8. This document is provided as-is. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. Windows Server 2012. The policy settings included in this spreadsheet cover Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs, File Name ActiveXInstallService.admx ActiveXInstallService.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AddRemovePrograms.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppCompat.admx AppxPackageManager.admx AppxPackageManager.admx AppxPackageManager.admx AppXRuntime.admx AppXRuntime.admx AppXRuntime.admx AppXRuntime.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AttachmentManager.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx AutoPlay.admx Biometrics.admx Biometrics.admx Biometrics.admx Biometrics.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx Bits.admx CEIPEnable.admx CEIPEnable.admx CipherSuiteOrder.admx COM.admx COM.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx conf.admx ControlPanel.admx ControlPanel.admx ControlPanel.admx ControlPanel.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx ControlPanelDisplay.admx Cpls.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredentialProviders.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredSsp.admx CredUI.admx CredUI.admx CredUI.admx CredUI.admx CtrlAltDel.admx CtrlAltDel.admx CtrlAltDel.admx CtrlAltDel.admx DCOM.admx DCOM.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx Desktop.admx DeviceCompat.admx DeviceCompat.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceInstallation.admx DeviceRedirection.admx DeviceRedirection.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DeviceSetup.admx DFS.admx DigitalLocker.admx DigitalLocker.admx DiskDiagnostic.admx DiskDiagnostic.admx DiskNVCache.admx DiskNVCache.admx DiskNVCache.admx DiskNVCache.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DiskQuota.admx DistributedLinkTracking.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DnsClient.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx DWM.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EAIME.admx EarlyLaunchAM.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EdgeUI.admx EncryptFilesonMove.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx EnhancedStorage.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx ErrorReporting.admx EventForwarding.admx EventForwarding.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventLog.admx EventViewer.admx EventViewer.admx EventViewer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx Explorer.admx ExternalBoot.admx ExternalBoot.admx ExternalBoot.admx FileHistory.admx FileRecovery.admx FileServerVSSAgent.admx FileServerVSSProvider.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FileSys.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FolderRedirection.admx FramePanes.admx FramePanes.admx fthsvc.admx GameExplorer.admx GameExplorer.admx GameExplorer.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx Globalization.admx GroupPolicy-Server.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx grouppolicy.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx GroupPolicyPreferences.admx Help.admx Help.admx Help.admx Help.admx HelpAndSupport.admx HelpAndSupport.admx HelpAndSupport.admx HelpAndSupport.admx hotspotauth.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx ICM.admx IIS.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx inetres.admx InkWatson.admx InkWatson.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx iSCSI.admx kdc.admx kdc.admx kdc.admx kdc.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx kerberos.admx LanmanServer.admx LanmanServer.admx LeakDiagnostic.admx LinkLayerTopologyDiscovery.admx LinkLayerTopologyDiscovery.admx LocationProviderAdm.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx Logon.admx MediaCenter.admx MediaCenter.admx MMC.admx MMC.admx MMC.admx MMC.admx MMC.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapins.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MMCSnapIns2.admx MobilePCMobilityCenter.admx MobilePCMobilityCenter.admx MobilePCPresentationSettings.admx MobilePCPresentationSettings.admx msched.admx msched.admx msched.admx MSDT.admx MSDT.admx MSDT.admx Msi-FileRecovery.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx msi.admx NAPXPQec.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx nca.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NCSI.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetLogon.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkConnections.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkIsolation.admx NetworkProjection.admx NetworkProjection.admx NetworkProjection.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx OfflineFiles.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx P2P-pnrp.admx ParentalControls.admx pca.admx pca.admx pca.admx pca.admx pca.admx pca.admx pca.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PeerToPeerCaching.admx PenTraining.admx PenTraining.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformanceDiagnostics.admx PerformancePerftrack.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx Power.admx PowerShellExecutionPolicy.admx PowerShellExecutionPolicy.admx PowerShellExecutionPolicy.admx PowerShellExecutionPolicy.admx PowerShellExecutionPolicy.admx PowerShellExecutionPolicy.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx PreviousVersions.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Printing2.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx Programs.admx PswdSync.admx PswdSync.admx PswdSync.admx PswdSync.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx QOS.admx RacWmiProv.admx Radar.admx ReAgent.admx Reliability.admx Reliability.admx Reliability.admx Reliability.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemoteAssistance.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx RemovableStorage.admx rpc.admx rpc.admx rpc.admx rpc.admx rpc.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx scripts.admx sdiageng.admx sdiageng.admx sdiageng.admx sdiagschd.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx Search.admx SearchOCR.admx SearchOCR.admx SecurityCenter.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx Sensors.admx ServerManager.admx ServerManager.admx ServerManager.admx ServerManager.admx Servicing.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx SettingSync.admx Setup.admx Setup.admx ShapeCollector.admx ShapeCollector.admx SharedFolders.admx SharedFolders.admx Sharing.admx Sharing.admx Shell-CommandPrompt-RegEditTools.admx Shell-CommandPrompt-RegEditTools.admx Shell-CommandPrompt-RegEditTools.admx Shell-CommandPrompt-RegEditTools.admx ShellWelcomeCenter.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx Sidebar.admx SkyDrive.admx SkyDrive.admx SkyDrive.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx SmartCard.admx Snis.admx Snis.admx Snmp.admx Snmp.admx Snmp.admx SoundRec.admx SoundRec.admx srm-fci.admx srm-fci.admx srm-fci.admx srm-fci.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx StartMenu.admx SystemRestore.admx SystemRestore.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletPCInputPanel.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx TabletShell.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx Taskbar.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx TaskScheduler.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx tcpip.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx Terminalserver-Server.admx TerminalServer-WinIP.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer-WinIP.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer-WinIP.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx TerminalServer.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx Tpm.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx UserProfiles.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx VolumeEncryption.admx W32Time.admx W32Time.admx W32Time.admx W32Time.admx WCM.admx WCM.admx WCM.admx WCM.admx wdi.admx wdi.admx WinCal.admx WinCal.admx WindowsAnytimeUpgrade.admx WindowsAnytimeUpgrade.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsBackup.admx WindowsColorSystem.admx WindowsColorSystem.admx WindowsConnectNow.admx WindowsConnectNow.admx WindowsConnectNow.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsDefender.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsExplorer.admx WindowsFileProtection.admx WindowsFileProtection.admx WindowsFileProtection.admx WindowsFileProtection.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx windowsfirewall.admx WindowsMail.admx WindowsMail.admx WindowsMail.admx WindowsMail.admx WindowsMediaDRM.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMediaPlayer.admx WindowsMessenger.admx WindowsMessenger.admx WindowsMessenger.admx WindowsMessenger.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsRemoteManagement.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WindowsUpdate.admx WinInit.admx WinInit.admx WinInit.admx WinLogon.admx WinLogon.admx WinLogon.admx WinLogon.admx WorkFolders-Client.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx WPN.admx wwansvc.admx wwansvc.admx Policy Setting Name Approved Installation Sites for ActiveX Controls Establish ActiveX installation policy for sites in Trusted zones Specify default category for Add New Programs Hide the "Add a program from CD-ROM or floppy disk" option Hide the "Add programs from Microsoft" option Hide the "Add programs from your network" option Hide Add New Programs page Remove Add or Remove Programs Hide the Set Program Access and Defaults page Hide Change or Remove Programs page Go directly to Components Wizard Remove Support Information Hide Add/Remove Windows Components page Prevent access to 16-bit applications Remove Program Compatibility Property Page Turn off Application Telemetry Turn off SwitchBack Compatibility Engine Turn off Application Compatibility Engine Turn off Program Compatibility Assistant Turn off Program Compatibility Assistant Turn off Steps Recorder Turn off Inventory Collector Allow all trusted apps to install Allow deployment operations in special profiles Allow development of Windows Store apps without installing a developer license Block launching desktop apps associated with a file. Block launching desktop apps associated with a file. Block launching desktop apps associated with a URI scheme Block launching desktop apps associated with a URI scheme Notify antivirus programs when opening attachments Trust logic for file attachments Do not preserve zone information in file attachments Hide mechanisms to remove zone information Default risk level for file attachments Inclusion list for high risk file types Inclusion list for low file types Inclusion list for moderate risk file types Set the default behavior for AutoRun Set the default behavior for AutoRun Prevent AutoPlay from remembering user choices. Prevent AutoPlay from remembering user choices. Turn off Autoplay Turn off Autoplay Disallow Autoplay for non-volume devices Disallow Autoplay for non-volume devices Allow the use of biometrics Allow users to log on using biometrics Allow domain users to log on using biometrics Specify timeout for fast user switching events Timeout for inactive BITS jobs Limit the maximum BITS job download time Limit the maximum network bandwidth for BITS background transfers Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers Allow BITS Peercaching Limit the age of files in the BITS Peercache Limit the BITS Peercache size Do not allow the computer to act as a BITS Peercaching client Do not allow the computer to act as a BITS Peercaching server Limit the maximum network bandwidth used for Peercaching Set default download behavior for BITS jobs on costed networks Limit the maximum number of BITS jobs for this computer Limit the maximum number of BITS jobs for each user Limit the maximum number of files allowed in a BITS job Limit the maximum number of ranges that can be added to the file in a BITS job Do not allow the BITS client to use Windows Branch Cache Allow Corporate redirection of Customer Experience Improvement uploads Tag Windows Customer Experience Improvement data with Study Identifier SSL Cipher Suite Order Download missing COM components Download missing COM components Disable application Sharing Prevent Control Prevent Sharing Prevent Sharing Command Prompts Prevent Desktop Sharing Prevent Sharing Explorer windows Prevent Application Sharing in true color Disable Audio Prevent changing DirectSound Audio setting Disable full duplex Audio Prevent receiving Video Prevent sending Video Limit the bandwidth of Audio and Video Allow persisting automatic acceptance of Calls Disable Chat Disable Whiteboard Disable NetMeeting 2.x Whiteboard Disable remote Desktop Sharing Enable Automatic Configuration Prevent adding Directory servers Prevent automatic acceptance of Calls Prevent changing Call placement method Disable Directory services Prevent receiving files Prevent sending files Prevent viewing Web directory Limit the size of sent files Set the intranet support Web page Set Call Security options Disable the Advanced Calling button Hide the Audio page Hide the General page Hide the Security page Hide the Video page Hide specified Control Panel items Always open All Control Panel Items when opening Control Panel Prohibit access to Control Panel and PC settings Show only specified Control Panel items Disable the Display Control Panel Hide Settings tab Prevent changing color and appearance Prevent changing screen saver Enable screen saver Force specific screen saver Password protect the screen saver Screen saver timeout Prevent changing desktop background Prevent changing sounds Prevent changing mouse pointers Prevent changing desktop icons Prevent changing color scheme Prevent changing theme Load a specific theme Prevent changing visual style for windows and buttons Force a specific visual style file or force Windows Classic Prohibit selection of visual style font size Do not display the lock screen Prevent changing lock screen image Prevent enabling lock screen slide show Prevent enabling lock screen camera Force a specific background and accent color Force a specific Start background Prevent changing start menu background Force a specific default lock screen image Apply the default account picture to all users Assign a default domain for logon Exclude credential providers Turn on PIN sign-in Turn off picture password sign-in Allow users to select when a password is required when resuming from connected standby Allow delegating default credentials Allow delegating default credentials with NTLM-only server authentication Allow delegating fresh credentials Allow delegating fresh credentials with NTLM-only server authentication Allow delegating saved credentials Allow delegating saved credentials with NTLM-only server authentication Deny delegating default credentials Deny delegating fresh credentials Deny delegating saved credentials Restrict delegation of credentials to remote servers Enumerate administrator accounts on elevation Require trusted path for credential entry Do not display the password reveal button Do not display the password reveal button Remove Change Password Remove Lock Computer Remove Task Manager Remove Logoff Allow local activation security check exemptions Define Activation Security Check exemptions Enable Active Desktop Disable Active Desktop Prohibit changes Add/Delete items Prohibit adding items Prohibit closing items Prohibit deleting items Prohibit editing items Disable all items Allow only bitmapped wallpaper Desktop Wallpaper Enable filter in Find dialog box Hide Active Directory folder Maximum size of Active Directory searches Prohibit User from manually redirecting Profile Folders Hide and disable all items on the desktop Remove the Desktop Cleanup Wizard Hide Internet Explorer icon on desktop Remove Computer icon on the desktop Remove My Documents icon on the desktop Hide Network Locations icon on desktop Remove Properties from the Computer icon context menu Remove Properties from the Documents icon context menu Do not add shares of recently opened documents to Network Locations Remove Recycle Bin icon from desktop Remove Properties from the Recycle Bin context menu Don't save settings at exit Prevent adding Prohibit adjusting desktop toolbars Turn off Aero Shake window minimizing mouse gesture Device compatibility settings Driver compatibility settings Prioritize all digitally signed drivers equally during the driver ranking and selection process Configure device installation time-out Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point Allow remote access to the Plug and Play interface Allow administrators to override Device Installation Restriction policies Allow installation of devices using drivers that match these device setup classes Prevent installation of devices using drivers that match these device setup classes Allow installation of devices that match any of these device IDs Prevent installation of devices that match any of these device IDs Prevent installation of removable devices Prevent installation of devices not described by other policy settings Time (in seconds) to force reboot when required for policy changes to take effect Display a custom message title when device installation is prevented by a policy setting Display a custom message when installation is prevented by a policy setting Allow non-administrators to install drivers for these device setup classes Code signing for device drivers Prevent redirection of USB devices Prevent redirection of devices that match any of these device Ids Turn off "Found New Hardware" balloons during device installation Do not send a Windows error report when a generic driver is installed on a device Prevent Windows from sending an error report when a device driver requests additional software during installation Configure driver search locations Turn off Windows Update device driver search prompt Turn off Windows Update device driver search prompt Specify search order for device driver source locations Specify the search server for device driver updates Prevent device metadata retrieval from the Internet Configure how often a DFS client discovers domain controllers Do not allow Digital Locker to run Do not allow Digital Locker to run Disk Diagnostic: Configure custom alert text Disk Diagnostic: Configure execution level Turn off boot and resume optimizations Turn off cache power mode Turn off non-volatile cache feature Turn off solid state mode Enable disk quotas Enforce disk quota limit Specify default quota limit and warning level Log event when quota limit is exceeded Log event when quota warning level is exceeded Apply policy to removable media Allow Distributed Link Tracking clients to use domain resources Connection-specific DNS suffix DNS servers Primary DNS suffix Register DNS records with connection-specific DNS suffix Register PTR records Dynamic update Replace addresses in conflicts Registration refresh interval TTL value for A and PTR records DNS suffix search list Update security level Update top level domain zones Primary DNS suffix devolution Turn off smart multi-homed name resolution Turn off smart protocol reordering Allow NetBT queries for fully qualified domain names Prefer link local responses over DNS when received over a network with higher precedence Turn off IDN encoding IDN mapping Do not allow window animations Do not allow window animations Do not allow Flip3D invocation Do not allow Flip3D invocation Use solid color for Start background Specify a default color Specify a default color Do not allow color changes Do not allow color changes Turn on misconversion logging for misconversion report Turn off saving auto-tuning data to file Turn off history-based predictive input Turn off Open Extended Dictionary Turn off Internet search integration Turn off custom dictionary Restrict character code range of conversion Do not include Non-Publishing Standard Glyph in the candidate list Boot-Start Driver Initialization Policy Turn off switching between recent apps Turn off tracking of app usage App switching Charms WinX Do not automatically encrypt files moved to encrypted folders Allow only USB root hub connected Enhanced Storage devices Lock Enhanced Storage when the computer is locked Do not allow non-Enhanced Storage removable devices Do not allow password authentication of Enhanced Storage devices Do not allow Windows to activate Enhanced Storage devices Configure list of IEEE 1667 silos usable on your computer Configure list of Enhanced Storage devices usable on your computer Configure Error Reporting Display Error Notification Disable Windows Error Reporting Disable Windows Error Reporting Prevent display of the user interface for critical errors Disable logging Disable logging Do not send additional data Do not send additional data Do not throttle additional data Do not throttle additional data Send additional data when on battery power Send additional data when on battery power Send data when on connected to a restricted/costed network Send data when on connected to a restricted/costed network Automatically send memory dumps for OS-generated error reports Automatically send memory dumps for OS-generated error reports Default application reporting settings List of applications to never report errors for List of applications to always report errors for Report operating system errors Configure Report Archive Configure Report Archive Configure Corporate Windows Error Reporting List of applications to be excluded List of applications to be excluded Configure Report Queue Configure Report Queue Customize consent settings Customize consent settings Ignore custom consent settings Ignore custom consent settings Configure Default consent Configure Default consent
Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Turn on logging Control the location of the log file Specify the maximum log file size (KB) Back up log automatically when full Configure log access Control Event Log behavior when the log file reaches its maximum size Control the location of the log file Specify the maximum log file size (KB) Events.asp program Events.asp program command line parameters Events.asp URL Display the menu bar in File Explorer Prevent users from adding files to the root of their Users Files folder. Turn off common control and window animations Turn off Data Execution Prevention for Explorer Turn off heap termination on corruption Set a support web page link Windows To Go Default Startup Options Allow hibernate (S4) when starting from a Windows To Go workspace Disallow standby sleep states (S1-S3) when starting from a Windows to Go workspace Turn off File History Configure Corrupted File Recovery behavior Configure maximum age of file server shadow copies Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. Selectively allow the evaluation of a symbolic link Do not allow compression on all NTFS volumes Do not allow encryption on all NTFS volumes Enable NTFS pagefile encryption Short name creation options Disable delete notifications on all volumes Enable / disable TXF deprecated features Use localized subfolder names when redirecting Start Menu and My Documents Do not automatically make all redirected folders available offline Do not automatically make specific redirected folders available offline Use localized subfolder names when redirecting Start Menu and My Documents Enable optimized move of contents in Offline Files cache on Folder Redirection server path change Redirect folders on primary computers only Redirect folders on primary computers only Turn on or off details pane Turn off Preview Pane Configure Scenario Execution Level Turn off downloading of game information Turn off tracking of last play time of games in the Games folder Turn off game updates Disallow selection of Custom Locales Disallow selection of Custom Locales Restrict system locales Disallow copying of user input methods to the system account for sign-in Restrict user locales Restrict user locales Disallow changing of geographic location Disallow changing of geographic location Disallow user override of locale settings Disallow user override of locale settings Hide Regional and Language Options administrative options Hide the geographic location option Hide the select language group options Hide user locale selection and customization options Restricts the UI language Windows uses for all logged users Restricts the UI languages Windows should use for the selected user Force selected system UI language to overwrite the user UI language Restrict selection of Windows menus and dialogs language Turn off offer text predictions as I type Turn off insert a space after selecting a text prediction Turn off autocorrect misspelled words Turn off highlight misspelled words Block clean-up of unused language packs Century interpretation for Year 2000 Turn off automatic learning Turn off automatic learning Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services Configure Group Policy Caching Configure Logon Script Delay Enable AD/DFS domain controller synchronization during policy refresh Turn off Group Policy Client Service AOAC optimization Configure Direct Access connections as a fast network connection Change Group Policy processing to run asynchronously when a slow network connection is detected. Turn off Local Group Policy Objects processing Specify startup policy processing wait time Allow cross-forest user policy and roaming user profiles Configure software Installation policy processing Configure disk quota policy processing Configure EFS recovery policy processing Configure folder redirection policy processing Configure Internet Explorer Maintenance policy processing Configure IP security policy processing Configure registry policy processing Configure scripts policy processing Configure security policy processing Configure wireless policy processing Configure wired policy processing Determine if interactive users can generate Resultant Set of Policy data Determine if interactive users can generate Resultant Set of Policy data Turn off automatic update of ADM files Turn off background refresh of Group Policy Remove users' ability to invoke machine policy refresh Enforce Show Policies Only Configure Group Policy domain controller selection Configure Group Policy slow link detection Configure Group Policy slow link detection Set Group Policy refresh interval for computers Set Group Policy refresh interval for domain controllers Set Group Policy refresh interval for users Set default name for new Group Policy objects Create new Group Policy Object links disabled by default Always use local ADM files for Group Policy Object Editor Turn off Resultant Set of Policy logging Configure user Group Policy loopback processing mode Specify workplace connectivity wait time for policy processing Configure Applications preference extension policy processing Configure Applications preference logging and tracing Configure Data Sources preference extension policy processing Configure Data Sources preference logging and tracing Configure Devices preference extension policy processing Configure Devices preference logging and tracing Configure Drive Maps preference extension policy processing Configure Drive Maps preference logging and tracing Configure Environment preference extension policy processing Configure Environment preference logging and tracing Configure Files preference extension policy processing Configure Files preference logging and tracing Configure Folder Options preference extension policy processing Configure Folder Options preference logging and tracing Configure Folders preference extension policy processing Configure Folders preference logging and tracing Configure Ini Files preference extension policy processing Configure Ini Files preference logging and tracing Configure Internet Settings preference extension policy processing Configure Internet Settings preference logging and tracing Configure Local Users and Groups preference extension policy processing Configure Local Users and Groups preference logging and tracing Configure Network Options preference extension policy processing Configure Network Options preference logging and tracing Configure Network Shares preference extension policy processing Configure Network Shares preference logging and tracing Configure Power Options preference extension policy processing Configure Power Options preference logging and tracing Configure Printers preference extension policy processing Configure Printers preference logging and tracing Configure Regional Options preference extension policy processing Configure Regional Options preference logging and tracing Configure Registry preference extension policy processing Configure Registry preference logging and tracing Configure Scheduled Tasks preference extension policy processing Configure Scheduled Tasks preference logging and tracing Configure Services preference extension policy processing Configure Services preference logging and tracing Configure Shortcuts preference extension policy processing Configure Shortcuts preference logging and tracing Configure Start Menu preference extension policy processing Configure Start Menu preference logging and tracing Permit use of Application snap-ins Permit use of Applications preference extension Permit use of Control Panel Settings (Computers) Permit use of Data Sources preference extension Permit use of Environment preference extension Permit use of Files preference extension Permit use of Folders preference extension Permit use of Folder Options preference extension Permit use of Internet Settings preference extension Permit use of Local Users and Groups preference extension Permit use of Power Options preference extension Permit use of Registry preference extension Permit use of Scheduled Tasks preference extension Permit use of Shortcuts preference extension Permit use of Start Menu preference extension Permit use of Control Panel Settings (Users) Permit use of Preferences tab Restrict potentially unsafe HTML Help functions to specified folders Restrict these programs from being launched from Help Restrict these programs from being launched from Help Turn off Data Execution Prevention for HTML Help Executible Turn off Active Help Turn off Help Ratings Turn off Help Experience Improvement Program Turn off Windows Online Enable Hotspot Authentication Restrict Internet communication Restrict Internet communication Turn off Automatic Root Certificates Update Turn off printing over HTTP Turn off printing over HTTP Turn off downloading of print drivers over HTTP Turn off downloading of print drivers over HTTP Turn off Windows Update device driver searching Turn off Event Viewer "Events.asp" links Turn off Help and Support Center "Did you know?" content Turn off Help and Support Center Microsoft Knowledge Base search Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com Turn off Registration if URL connection is referring to Microsoft.com Turn off Windows Error Reporting Turn off access to all Windows Update features Turn off Search Companion content file updates Turn off Internet File Association service Turn off Internet File Association service Turn off access to the Store Turn off access to the Store Turn off Internet download for Web publishing and online ordering wizards Turn off Internet download for Web publishing and online ordering wizards Turn off the "Order Prints" picture task Turn off the "Order Prints" picture task Turn off the "Publish to Web" task for files and folders Turn off the "Publish to Web" task for files and folders Turn off the Windows Messenger Customer Experience Improvement Program Turn off the Windows Messenger Customer Experience Improvement Program Turn off Windows Customer Experience Improvement Program Turn off Windows Network Connectivity Status Indicator active tests Prevent IIS installation Audio/Video Player Carpoint DHTML Edit Control Shockwave Flash Investor Menu Controls Microsoft Agent Microsoft Chat MSNBC NetShow File Transfer Control Microsoft Scriptlet Component Microsoft Survey Control Turn off the flip ahead with page prediction feature Turn off the flip ahead with page prediction feature Turn off loading websites and content in the background to optimize performance Turn off loading websites and content in the background to optimize performance Turn on the swiping motion on Internet Explorer for the desktop Turn on the swiping motion on Internet Explorer for the desktop Allow active content from CDs to run on user machines Allow active content from CDs to run on user machines Check for server certificate revocation Check for server certificate revocation Turn off ClearType Turn off ClearType Turn on Caret Browsing support Turn on Caret Browsing support Turn on Enhanced Protected Mode Turn on Enhanced Protected Mode Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled Always send Do Not Track header Always send Do Not Track header Use HTTP 1.1 Use HTTP 1.1 Use HTTP 1.1 through proxy connections Use HTTP 1.1 through proxy connections Allow Internet Explorer to use the SPDY/3 network protocol Allow Internet Explorer to use the SPDY/3 network protocol Turn off encryption support Turn off encryption support Do not allow resetting Internet Explorer settings Do not allow resetting Internet Explorer settings Check for signatures on downloaded programs Check for signatures on downloaded programs Allow third-party browser extensions Allow third-party browser extensions Allow Install On Demand (Internet Explorer) Allow Install On Demand (Internet Explorer) Allow Install On Demand (except Internet Explorer) Allow Install On Demand (except Internet Explorer) Automatically check for Internet Explorer updates Automatically check for Internet Explorer updates Allow software to run or install even if the signature is invalid Allow software to run or install even if the signature is invalid Play animations in web pages Play animations in web pages Play sounds in web pages Play sounds in web pages Play videos in web pages Play videos in web pages Turn off Profile Assistant Turn off Profile Assistant Do not save encrypted pages to disk Do not save encrypted pages to disk Empty Temporary Internet Files folder when browser is closed Empty Temporary Internet Files folder when browser is closed Show Content Advisor on Internet Options Show Content Advisor on Internet Options Turn on inline AutoComplete Turn off inline AutoComplete in File Explorer Go to an intranet site for a one-word entry in the Address bar Go to an intranet site for a one-word entry in the Address bar Turn on script debugging Turn off details in messages about Internet connection problems Turn off page transitions Turn on the display of script errors Turn off smooth scrolling Turn off configuring underline links Turn off phone number detection Turn off phone number detection Subscription Limits Disable adding channels Disable adding schedules for offline pages Disable offline page hit logging Disable channel user interface completely Disable editing and creating of schedule groups Disable editing schedules for offline pages Disable removing channels Disable removing schedules for offline pages Disable all scheduled offline pages Disable downloading of site subscription content Prevent specifying the code download path for each computer Prevent choosing default text size Disable the Advanced page Disable the Advanced page Disable the Connections page Disable the Connections page Disable the Content page Disable the Content page Disable the General page Disable the General page Disable the Privacy page Disable the Privacy page Disable the Programs page Disable the Programs page Disable the Security page Disable the Security page Send internationalized domain names Send internationalized domain names Use UTF-8 for mailto links Use UTF-8 for mailto links Prevent ignoring certificate errors Prevent ignoring certificate errors Turn off sending URL path as UTF-8 Prevent specifying background color Prevent specifying text color Prevent the use of Windows colors Prevent specifying cipher strength update information URLs Start the Internet Connection Wizard automatically Add-on List Add-on List Deny all add-ons unless specifically allowed in the Add-on List Deny all add-ons unless specifically allowed in the Add-on List All Processes All Processes Process List Process List Admin-approved behaviors Admin-approved behaviors Install binaries signed by MD2 and MD4 signing technologies Install binaries signed by MD2 and MD4 signing technologies All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List All Processes All Processes Internet Explorer Processes Internet Explorer Processes Process List Process List Internet Zone Restricted Protocols Internet Zone Restricted Protocols Intranet Zone Restricted Protocols Intranet Zone Restricted Protocols Local Machine Zone Restricted Protocols Local Machine Zone Restricted Protocols Restricted Sites Zone Restricted Protocols Restricted Sites Zone Restricted Protocols Trusted Sites Zone Restricted Protocols Trusted Sites Zone Restricted Protocols Turn off Crash Detection Turn off Crash Detection Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar Turn off Automatic Crash Recovery Turn off Automatic Crash Recovery Turn off Reopen Last Browsing Session Turn off Reopen Last Browsing Session Do not allow users to enable or disable add-ons Do not allow users to enable or disable add-ons Add a specific list of search providers to the user's list of search providers Add a specific list of search providers to the user's list of search providers Turn on menu bar by default Turn on menu bar by default Turn off Favorites bar Turn off Favorites bar Disable caching of Auto-Proxy scripts Disable external branding of Internet Explorer Disable changing Advanced page settings Customize user agent string Customize user agent string Use Automatic Detection for dial-up connections Prevent "Fix settings" functionality Prevent "Fix settings" functionality Prevent managing the phishing filter Prevent managing the phishing filter Turn off Managing SmartScreen Filter for Internet Explorer 8 Prevent changing pop-up filter level Display error message on proxy script download failure Turn on compatibility logging Turn on compatibility logging Enforce full-screen mode Enforce full-screen mode Disable Import/Export Settings wizard Disable Import/Export Settings wizard Turn off browser geolocation Turn off browser geolocation Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects Turn off page-zooming functionality Turn off page-zooming functionality Identity Manager: Prevent users from using Identities Automatically activate newly installed add-ons Automatically activate newly installed add-ons Turn off add-on performance notifications Turn off add-on performance notifications Turn on ActiveX Filtering Turn on ActiveX Filtering Configure Media Explorer Bar Prevent access to Delete Browsing History Prevent access to Delete Browsing History Prevent deleting form data Prevent deleting form data Prevent deleting passwords Prevent deleting passwords Prevent deleting cookies Prevent deleting cookies Prevent deleting websites that the user has visited Prevent deleting websites that the user has visited Prevent deleting download history Prevent deleting download history Prevent deleting temporary Internet files Prevent deleting temporary Internet files Prevent deleting InPrivate Filtering data Prevent deleting InPrivate Filtering data Prevent deleting ActiveX Filtering Prevent deleting ActiveX Filtering Prevent deleting favorites site data Prevent deleting favorites site data Allow deleting browsing history on exit Allow deleting browsing history on exit Prevent running First Run wizard Prevent running First Run wizard Prevent access to Internet Explorer Help Prevent access to Internet Explorer Help Prevent Internet Explorer Search box from appearing Prevent Internet Explorer Search box from appearing Turn off suggestions for all user-installed providers Turn off suggestions for all user-installed providers Turn off the quick pick menu Turn off the quick pick menu Disable Automatic Install of Internet Explorer components Set tab process growth Set tab process growth Allow Internet Explorer 8 shutdown behavior Allow Internet Explorer 8 shutdown behavior Specify default behavior for a new tab Specify default behavior for a new tab Turn off Tab Grouping Turn off Quick Tabs functionality Turn off Quick Tabs functionality Prevent changing the default search provider Prevent changing the default search provider Disable showing the splash screen Turn off tabbed browsing Turn off tabbed browsing Turn off configuration of pop-up windows in tabbed browsing Turn off configuration of pop-up windows in tabbed browsing Disable Periodic Check for Internet Explorer software updates Prevent configuration of how windows open Prevent configuration of how windows open Configure Outlook Express Pop-up allow list Pop-up allow list Disable changing accessibility settings Disable changing Automatic Configuration settings Disable changing Automatic Configuration settings Disable changing Temporary Internet files settings Disable changing Calendar and Contact settings Disable changing certificate settings Disable changing default browser check Notify users if Internet Explorer is not the default web browser Disable changing color settings Disable changing connection settings Disable changing connection settings Disable Internet Connection wizard Disable changing font settings Disable AutoComplete for forms Turn on the auto-complete feature for user names and passwords on forms Disable "Configuring History" Disable "Configuring History" Disable changing home page settings Disable changing secondary home page settings Disable changing secondary home page settings Disable changing language settings Disable changing link color settings Disable changing Messaging settings Prevent managing pop-up exception list Prevent managing pop-up exception list Turn off pop-up management Turn off pop-up management Disable changing Profile Assistant settings Prevent changing proxy settings Prevent changing proxy settings Disable changing ratings settings Disable the Reset Web Settings feature Prevent the deletion of temporary Internet files and cookies Prevent the deletion of temporary Internet files and cookies Turn off the auto-complete feature for web addresses Turn off the auto-complete feature for web addresses Turn off Windows Search AutoComplete Turn off Windows Search AutoComplete Turn off URL Suggestions Turn off URL Suggestions Search: Disable Find Files via F3 within the browser Search: Disable Search Customization Security Zones: Use only machine settings Security Zones: Do not allow users to change policies Security Zones: Do not allow users to add/delete sites Disable software update shell notifications on program launch Restrict search providers to a specific list Restrict search providers to a specific list Prevent participation in the Customer Experience Improvement Program Prevent participation in the Customer Experience Improvement Program Prevent configuration of new tab creation Prevent configuration of new tab creation Make proxy settings per-machine (rather than per-user) Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow only approved domains to use ActiveX controls without prompt Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Turn on Cross-Site Scripting Filter Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Intranet Sites: Include all local (intranet) sites not listed in other zones Intranet Sites: Include all local (intranet) sites not listed in other zones Turn on certificate address mismatch warning Turn on certificate address mismatch warning Locked-Down Internet Zone Template Locked-Down Internet Zone Template Internet Zone Template Internet Zone Template Locked-Down Intranet Zone Template Locked-Down Intranet Zone Template Intranet Zone Template Intranet Zone Template Locked-Down Local Machine Zone Template Locked-Down Local Machine Zone Template Local Machine Zone Template Local Machine Zone Template Locked-Down Restricted Sites Zone Template Locked-Down Restricted Sites Zone Template Restricted Sites Zone Template Restricted Sites Zone Template Locked-Down Trusted Sites Zone Template Locked-Down Trusted Sites Zone Template Trusted Sites Zone Template Trusted Sites Zone Template Intranet Sites: Include all sites that bypass the proxy server Intranet Sites: Include all sites that bypass the proxy server Intranet Sites: Include all network paths (UNCs) Intranet Sites: Include all network paths (UNCs) Site to Zone Assignment List Site to Zone Assignment List Turn on automatic detection of intranet Turn on automatic detection of intranet Turn on Notification bar notification for intranet content Turn on Notification bar notification for intranet content Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Allow active content over restricted protocols to access my computer Allow active content over restricted protocols to access my computer Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Allow websites to open windows without status bar or Address bar Allow websites to open windows without status bar or Address bar Allow video and animation on a webpage that uses an older media player Allow video and animation on a webpage that uses an older media player Allow scriptlets Allow scriptlets Turn off first-run prompt Turn off first-run prompt Include local path when user is uploading files to a server Include local path when user is uploading files to a server Turn on SmartScreen Filter scan Turn on SmartScreen Filter scan Allow websites to prompt for information by using scripted windows Allow websites to prompt for information by using scripted windows Allow updates to status bar via script Allow updates to status bar via script Turn on Protected Mode Turn on Protected Mode Show security warning for potentially unsafe files Show security warning for potentially unsafe files Allow loading of XAML Browser Applications Allow loading of XAML Browser Applications Allow scripting of Internet Explorer WebBrowser controls Allow scripting of Internet Explorer WebBrowser controls Turn off .NET Framework Setup Turn off .NET Framework Setup Allow loading of XAML files Allow loading of XAML files Allow loading of XPS files Allow loading of XPS files Access data sources across domains Access data sources across domains Allow active scripting Allow active scripting Allow META REFRESH Allow META REFRESH Allow cut Allow cut Allow binary and script behaviors Allow binary and script behaviors Use Pop-up Blocker Use Pop-up Blocker Display mixed content Display mixed content Download signed ActiveX controls Download signed ActiveX controls Download unsigned ActiveX controls Download unsigned ActiveX controls Allow drag and drop or copy and paste files Allow drag and drop or copy and paste files Render legacy filters Render legacy filters Allow file downloads Allow file downloads Allow font downloads Allow font downloads Allow installation of desktop items Allow installation of desktop items Java permissions Java permissions Launching applications and files in an IFRAME Launching applications and files in an IFRAME Logon options Logon options Enable MIME Sniffing Enable MIME Sniffing Enable dragging of content from different domains within a window Enable dragging of content from different domains within a window Enable dragging of content from different domains across windows Enable dragging of content from different domains across windows Navigate windows and frames across different domains Navigate windows and frames across different domains Do not prompt for client certificate selection when no certificates or only one certificate exists. Do not prompt for client certificate selection when no certificates or only one certificate exists. Automatic prompting for ActiveX controls Automatic prompting for ActiveX controls Automatic prompting for file downloads Automatic prompting for file downloads Run ActiveX controls and plugins Run ActiveX controls and plugins Script ActiveX controls marked safe for scripting Script ActiveX controls marked safe for scripting Don't run antimalware programs against ActiveX controls Don't run antimalware programs against ActiveX controls Initialize and script ActiveX controls not marked as safe Initialize and script ActiveX controls not marked as safe Scripting of Java applets Scripting of Java applets Run .NET Framework-reliant components signed with Authenticode Run .NET Framework-reliant components signed with Authenticode Software channel permissions Software channel permissions Submit non-encrypted form data Submit non-encrypted form data Run .NET Framework-reliant components not signed with Authenticode Run .NET Framework-reliant components not signed with Authenticode Userdata persistence Userdata persistence Allow script-initiated windows without size or position constraints Allow script-initiated windows without size or position constraints Web sites in less privileged Web content zones can navigate into this zone Web sites in less privileged Web content zones can navigate into this zone Prevent specifying the hover color Prevent specifying the color of links that have not yet been clicked Prevent specifying the color of links that have already been clicked Turn on the hover color option File menu: Disable closing the browser and Explorer windows File menu: Disable Save As... menu option File menu: Disable Save As Web Page Complete File menu: Disable New menu option File menu: Disable Open menu option Help menu: Remove 'Send Feedback' menu option Help menu: Remove 'For Netscape Users' menu option Help menu: Remove 'Tip of the Day' menu option Help menu: Remove 'Tour' menu option Turn off Shortcut Menu Hide Favorites menu Disable Open in New Window menu option Disable Save this program to disk option Turn off Print Menu Turn off Print Menu Tools menu: Disable Internet Options... menu option View menu: Disable Full Screen menu option View menu: Disable Source menu option Turn off automatic image resizing Turn off image display Allow Internet Explorer to play media files that use alternative codecs Allow Internet Explorer to play media files that use alternative codecs Allow the display of image download placeholders Turn off smart image dithering File size limits for Local Machine zone File size limits for Intranet zone File size limits for Trusted Sites zone File size limits for Internet zone File size limits for Restricted Sites zone Turn on printing of background colors and images Turn off background synchronization for feeds and Web Slices Turn off background synchronization for feeds and Web Slices Prevent downloading of enclosures Prevent downloading of enclosures Prevent subscribing to or deleting a feed or a Web Slice Prevent subscribing to or deleting a feed or a Web Slice Prevent automatic discovery of feeds and Web Slices Prevent automatic discovery of feeds and Web Slices Prevent access to feed list Prevent access to feed list Turn on Basic feed authentication over HTTP Turn on Basic feed authentication over HTTP Bypass prompting for Clipboard access for scripts running in any process Bypass prompting for Clipboard access for scripts running in any process Bypass prompting for Clipboard access for scripts running in the Internet Explorer process Bypass prompting for Clipboard access for scripts running in the Internet Explorer process Define applications and processes that can access the Clipboard without prompting Define applications and processes that can access the Clipboard without prompting Prevent configuration of search on Address bar Prevent configuration of search on Address bar Prevent configuration of top-result search on Address bar Prevent configuration of top-result search on Address bar Allow native XMLHTTP support Allow native XMLHTTP support Turn off Data URI support Turn off Data URI support Turn off Data Execution Prevention Do not display the reveal password button Do not display the reveal password button Change the maximum number of connections per host (HTTP 1.1) Change the maximum number of connections per host (HTTP 1.1) Maximum number of connections per server (HTTP 1.0) Maximum number of connections per server (HTTP 1.0) Turn off cross-document messaging Turn off cross-document messaging Turn off the XDomainRequest object Turn off the XDomainRequest object Turn off the WebSocket Object Turn off the WebSocket Object Set the maximum number of WebSocket connections per server Set the maximum number of WebSocket connections per server Turn on automatic signup Turn off toolbar upgrade tool Turn off toolbar upgrade tool Turn off Developer Tools Turn off Developer Tools Disable customizing browser toolbars Disable customizing browser toolbar buttons Configure Toolbar Buttons Hide the Command bar Hide the Command bar Hide the status bar Hide the status bar Lock all toolbars Lock all toolbars Lock location of Stop and Refresh buttons Lock location of Stop and Refresh buttons Customize command labels Customize command labels Use large icons for command buttons Use large icons for command buttons Display tabs on a separate row Display tabs on a separate row Prevent specifying the update check interval (in days) Prevent changing the URL for checking updates to Internet Explorer and Internet Tools Turn off ActiveX Opt-In prompt Turn off ActiveX Opt-In prompt Prevent per-user installation of ActiveX controls Prevent per-user installation of ActiveX controls Specify use of ActiveX Installer Service for installation of ActiveX controls Specify use of ActiveX Installer Service for installation of ActiveX controls Turn on Suggested Sites Turn on Suggested Sites Turn off InPrivate Browsing Turn off InPrivate Browsing Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts Turn off collection of InPrivate Filtering data Turn off collection of InPrivate Filtering data Establish InPrivate Filtering threshold Establish InPrivate Filtering threshold Turn off InPrivate Filtering Turn off InPrivate Filtering Establish Tracking Protection threshold Establish Tracking Protection threshold Turn off Tracking Protection Turn off Tracking Protection Add non-default Accelerators Add non-default Accelerators Add default Accelerators Add default Accelerators Turn off Accelerators Turn off Accelerators Restrict Accelerators to those deployed through Group Policy Restrict Accelerators to those deployed through Group Policy Turn on Internet Explorer 7 Standards Mode Turn on Internet Explorer 7 Standards Mode Turn off Compatibility View Turn off Compatibility View Turn on Internet Explorer Standards Mode for local intranet Turn on Internet Explorer Standards Mode for local intranet Turn off Compatibility View button Turn off Compatibility View button Use Policy List of Internet Explorer 7 sites Use Policy List of Internet Explorer 7 sites Use Policy List of Quirks Mode sites Use Policy List of Quirks Mode sites Include updated website lists from Microsoft Include updated website lists from Microsoft Turn off ability to pin sites in Internet Explorer on the desktop Turn off ability to pin sites in Internet Explorer on the desktop Set default storage limits for websites Set default storage limits for websites Allow websites to store indexed databases on client computers Allow websites to store indexed databases on client computers Set indexed database storage limits for individual domains Set indexed database storage limits for individual domains Set maximum indexed database storage limit for all domains Set maximum indexed database storage limit for all domains Allow websites to store application caches on client computers Allow websites to store application caches on client computers Set application cache storage limits for individual domains Set application cache storage limits for individual domains Set maximum application caches storage limit for all domains Set maximum application caches storage limit for all domains Set application caches expiration time limit for individual domains Set application caches expiration time limit for individual domains Set maximum application cache resource list size Set maximum application cache resource list size Set maximum application cache individual resource size Set maximum application cache individual resource size Start Internet Explorer with tabs from last browsing session Start Internet Explorer with tabs from last browsing session Open Internet Explorer tiles on the desktop Open Internet Explorer tiles on the desktop Set how links are opened in Internet Explorer Set how links are opened in Internet Explorer Install new versions of Internet Explorer automatically Turn off handwriting recognition error reporting Turn off handwriting recognition error reporting Do not allow manual configuration of iSNS servers Do not allow manual configuration of target portals Do not allow manual configuration of discovered targets Do not allow adding new targets via manual configuration Do not allow changes to initiator iqn name Do not allow additional session logins Do not allow changes to initiator CHAP secret Do not allow connections without IPSec Do not allow sessions without mutual CHAP Do not allow sessions without one way CHAP Provide information about previous logons to client computers Use forest search order KDC support for claims Warning for large Kerberos tickets Define host name-to-Kerberos realm mappings Define interoperable Kerberos V5 realm settings Require strict KDC validation Use forest search order Require strict target SPN match on remote procedure calls Specify KDC proxy servers for Kerberos clients Disable revocation checking for the SSL certificate of KDC proxy servers Fail authentication requests when Kerberos armoring is not available Support compound authentication Set maximum Kerberos SSPI context token buffer size Kerberos client support for claims Hash Publication for BranchCache Hash Version support for BranchCache Configure Scenario Execution Level Turn on Mapper I/O (LLTDIO) driver Turn on Responder (RSPNDR) driver Turn off Windows Location Provider Do not process the legacy run list Do not process the legacy run list Do not process the run once list Do not process the run once list Always use classic logon Do not display the Getting Started welcome screen at logon Run these programs at user logon Run these programs at user logon Always wait for the network at computer startup and logon Remove Boot / Shutdown / Logon / Logoff status messages Do not display the Getting Started welcome screen at logon Display highly detailed status messages Hide entry points for Fast User Switching Turn off Windows Startup sound Show first sign-in animation Always use custom logon background Do not enumerate connected users on domain-joined computers Enumerate local users on domain-joined computers Turn off app notifications on the lock screen Do not allow Windows Media Center to run Do not allow Windows Media Center to run Restrict the user from entering author mode Restrict users to the explicitly permitted list of snap-ins Extended View (Web View) ActiveX Control Link to Web Address AppleTalk Routing Authorization Manager Certification Authority Policy Settings Connection Sharing (NAT) DCOM Configuration Extension Device Manager DHCP Relay Management Enterprise PKI Event Viewer Event Viewer (Windows Vista) IAS Logging IGMP Routing IP Routing IPX RIP Routing IPX Routing IPX SAP Routing Logical and Mapped Drives Online Responder OSPF Routing Public Key Policies RAS Dialin - User Node Remote Access Removable Storage RIP Routing Routing Send Console Message Service Dependencies Shared Folders Ext SMTP Protocol SNMP System Properties Group Policy Management Group Policy Object Editor Group Policy tab for Active Directory Tools Resultant Set of Policy snap-in Administrative Templates (Computers) Administrative Templates (Users) Folder Redirection Internet Explorer Maintenance IP Security Policy Management Windows Firewall with Advanced Security NAP Client Configuration Remote Installation Services Scripts (Startup/Shutdown) Scripts (Logon/Logoff) Security Settings Software Installation (Computers) Software Installation (Users) Wired Network (IEEE 802.3) Policies Wireless Network (IEEE 802.11) Policies Administrative Templates (Computers) Administrative Templates (Users) Folder Redirection Internet Explorer Maintenance Scripts (Startup/Shutdown) Scripts (Logon/Logoff) Security Settings Software Installation (Computers) Software Installation (Users) Active Directory Domains and Trusts Active Directory Sites and Services Active Directory Users and Computers ADSI Edit Certification Authority Certificates Certificate Templates Component Services Computer Management Device Manager Distributed File System Disk Defragmenter Disk Management Event Viewer Event Viewer (Windows Vista) Failover Clusters Manager FAX Service FrontPage Server Extensions Health Registration Authority (HRA) Internet Authentication Service (IAS) Internet Information Services Indexing Service IP Security Policy Management IP Security Monitor Local Users and Groups NAP Client Configuration .Net Framework Configuration Network Policy Server (NPS) Performance Logs and Alerts QoS Admission Control Remote Desktops Routing and Remote Access Removable Storage Management Security Configuration and Analysis Security Templates Server Manager Services Shared Folders System Information Telephony Remote Desktop Services Configuration TPM Management Windows Firewall with Advanced Security Wireless Monitor WMI Control Group Policy Starter GPO Editor Group Policy Management Editor Storage Manager for SANs Storage Manager for SANS Extension Disk Management Extension Share and Storage Management Share and Storage Management Extension DFS Management DFS Management Extension File Server Resource Manager File Server Resource Manager Extension Turn off Windows Mobility Center Turn off Windows Mobility Center Turn off Windows presentation settings Turn off Windows presentation settings Automatic Maintenance Activation Boundary Automatic Maintenance Random Delay Automatic Maintenance WakeUp Policy Microsoft Support Diagnostic Tool: Configure execution level Microsoft Support Diagnostic Tool: Restrict tool download Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider Configure MSI Corrupted File Recovery behavior Allow users to browse for source while elevated Allow users to use media source while elevated Allow users to patch elevated products Always install with elevated privileges Always install with elevated privileges Prohibit use of Restart Manager Remove browse dialog box for new source Prohibit flyweight patching Turn off logging via package settings Prevent removable media source for any installation Turn off Windows Installer Prevent users from using Windows Installer to install updates and upgrades Prohibit rollback Prohibit rollback Allow user control over installs Prohibit non-administrators from applying vendor signed updates Prohibit removal of updates Turn off creation of System Restore checkpoints Prohibit User Installs Enforce upgrade component rules Control maximum size of baseline file cache Specify the types of events Windows Installer records in its transaction log Prevent Internet Explorer security prompt for Windows Installer scripts Specify the order in which Windows Installer searches for installation files Save copies of transform files in a secure location on workstation Turn off shared components Prevent embedded UI Allow the Network Access Protection client to support the 802.1x Enforcement Client component Support Email Address Friendly Name User Interface Prefer Local Names Allowed DirectAccess Passive Mode Corporate Resources IPsec Tunnel Endpoints Custom Commands Specify corporate Website probe URL Specify corporate DNS probe host name Specify corporate DNS probe host address Specify corporate site prefix list Specify domain location determination URL Specify passive polling Contact PDC on logon failure Use initial DC discovery retry setting for background callers Use maximum DC discovery retry interval setting for background callers Use final DC discovery retry setting for background callers Use positive periodic DC cache refresh for background callers Specify log file debug output level Specify expected dial-up delay on logon Specify maximum log file size Specify negative DC Discovery cache setting Set Netlogon share compatibility Specify positive periodic DC Cache refresh for non-background callers Set scavenge interval Specify site name Set SYSVOL share compatibility Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC Use DNS name resolution when a single-label domain name is used Use automated site coverage by the DC Locator DNS SRV Records Specify DC Locator DNS records not registered by the DCs Specify Refresh Interval of the DC Locator DNS records Set TTL in the DC Locator DNS Records Specify sites covered by the GC Locator DNS SRV Records Set Priority in the DC Locator DNS SRV records Set Weight in the DC Locator DNS SRV records Specify sites covered by the application directory partition DC Locator DNS SRV records Specify sites covered by the DC Locator DNS SRV records Specify dynamic registration of the DC Locator DNS Records Try Next Closest Site Force Rediscovery Interval Return domain controller address type Allow cryptography algorithms compatible with Windows NT 4.0 Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails Specify address lookup behavior for DC locator ping Use urgent mode when pinging domain controllers Prohibit adding and removing components for a LAN or remote access connection Prohibit access to the Advanced Settings item on the Advanced menu Prohibit TCP/IP advanced configuration Prohibit installation and configuration of Network Bridge on your DNS domain network Prohibit Enabling/Disabling components of a LAN connection Ability to delete all user remote access connections Prohibit deletion of remote access connections Prohibit access to the Remote Access Preferences item on the Advanced menu Enable Windows 2000 Network Connections settings for Administrators Turn off notifications when a connection has only limited or no connectivity Prohibit access to properties of components of a LAN connection Ability to Enable/Disable a LAN connection Prohibit access to properties of a LAN connection Prohibit access to the New Connection Wizard Prohibit use of Internet Connection Firewall on your DNS domain network Ability to change properties of an all user remote access connection Prohibit access to properties of components of a remote access connection Prohibit connecting and disconnecting a remote access connection Prohibit changing properties of a private remote access connection Ability to rename all user remote access connections Ability to rename LAN connections or remote access connections available to all users Ability to rename LAN connections Prohibit renaming private remote access connections Prohibit use of Internet Connection Sharing on your DNS domain network Prohibit viewing of status for an active connection Require domain users to elevate when setting a network's location Do not show the "local access only" network icon Route all traffic through the internal network Internet proxy servers for apps Intranet proxy servers for apps Private network ranges for apps Proxy definitions are authoritative Subnet definitions are authoritative Turn off Connect to a Network Projector Turn off Connect to a Network Projector Network Projector Port Setting Subfolders always available offline Specify administratively assigned Offline Files Specify administratively assigned Offline Files Non-default server disconnect actions Non-default server disconnect actions Default cache size Allow or Disallow use of the Offline Files feature Encrypt the Offline Files cache Event logging level Event logging level Files not cached Action on server disconnect Action on server disconnect Prevent use of Offline Files folder Prevent use of Offline Files folder Prohibit user configuration of Offline Files Prohibit user configuration of Offline Files Remove "Make Available Offline" command Remove "Make Available Offline" command Remove "Make Available Offline" for these files and folders Remove "Make Available Offline" for these files and folders Turn off reminder balloons Turn off reminder balloons At logoff Reminder balloon frequency Reminder balloon frequency Initial reminder balloon lifetime Initial reminder balloon lifetime Reminder balloon lifetime Reminder balloon lifetime Configure Slow link speed Synchronize all offline files before logging off Synchronize all offline files before logging off Synchronize all offline files when logging on Synchronize all offline files when logging on Synchronize offline files before suspend Synchronize offline files before suspend Turn on economical application of administratively assigned Offline Files Configure slow-link mode Limit disk space used by Offline Files Configure Background Sync Enable Transparent Caching Enable file screens Remove "Work offline" command Remove "Work offline" command Enable file synchronization on costed networks Turn off Microsoft Peer-to-Peer Networking Services Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server Turn off Multicast Bootstrap Turn off PNRP cloud creation Set PNRP cloud to resolve only Set the Seed Server Disable password strength validation for Peer Grouping Make Family Safety control panel visible on a Domain Detect compatibility issues for applications and drivers Detect application install failures Detect applications unable to launch installers under UAC Detect application failures caused by deprecated Windows DLLs Detect application failures caused by deprecated COM objects Detect application installers that need to be run as administrator Notify blocked drivers Turn on BranchCache Set percentage of disk space used for client computer cache Set BranchCache Hosted Cache mode Set BranchCache Distributed Cache mode Configure BranchCache for network files Enable Automatic Hosted Cache Discovery by Service Connection Point Configure Client BranchCache Version Support Configure Hosted Cache Servers Set age for segments in the data cache Turn off Tablet PC Pen Training Turn off Tablet PC Pen Training Configure Scenario Execution Level Configure Scenario Execution Level Configure Scenario Execution Level Configure Scenario Execution Level Enable/Disable PerfTrack Critical battery notification action Low battery notification action Critical battery notification level Low battery notification level Turn off low battery user notification Select the Power button action (plugged in) Select the Sleep button action (plugged in) Select the lid switch action (plugged in) Select the Start menu Power button action (plugged in) Select the Power button action (on battery) Select the Sleep button action (on battery) Select the lid switch action (on battery) Select the Start menu Power button action (on battery) Turn Off the hard disk (plugged in) Turn Off the hard disk (on battery) Specify a custom active power plan Select an active power plan Prompt for password on resume from hibernate/suspend Turn on the ability for applications to prevent sleep transitions (plugged in) Specify the system hibernate timeout (plugged in) Require a password when a computer wakes (plugged in) Specify the system sleep timeout (plugged in) Turn off hybrid sleep (plugged in) Turn on the ability for applications to prevent sleep transitions (on battery) Specify the system hibernate timeout (on battery) Require a password when a computer wakes (on battery) Specify the system sleep timeout (on battery) Turn off hybrid sleep (on battery) Turn off adaptive display timeout (plugged in) Turn off adaptive display timeout (on battery) Turn off the display (plugged in) Turn off the display (on battery) Allow standby states (S1-S3) when sleeping (plugged in) Allow standby states (S1-S3) when sleeping (on battery) Do not turn off system power after a Windows system shutdown has occurred. Allow automatic sleep with Open Network Files (plugged in) Allow automatic sleep with Open Network Files (on battery) Reduce display brightness (plugged in) Reduce display brightness (on battery) Specify the display dim brightness (plugged in) Specify the display dim brightness (on battery) Turn on desktop background slideshow (plugged in) Turn on desktop background slideshow (on battery) Specify the unattended sleep timeout (plugged in) Specify the unattended sleep timeout (on battery) Allow applications to prevent automatic sleep (plugged in) Allow applications to prevent automatic sleep (on battery) Reserve battery notification level Turn on Script Execution Turn on Script Execution Turn on Module Logging Turn on Module Logging Set the default source path for Update-Help Set the default source path for Update-Help Prevent restoring previous versions from backups Prevent restoring previous versions from backups Hide previous versions list for local files Hide previous versions list for local files Prevent restoring local previous versions Prevent restoring local previous versions Hide previous versions list for remote files Hide previous versions list for remote files Prevent restoring remote previous versions Prevent restoring remote previous versions Hide previous versions of files on backup location Hide previous versions of files on backup location Activate Internet printing Isolate print drivers from applications Custom support URL in the Printers folder's left pane Add Printer wizard - Network scan page (Managed network) Browse the network to find printers Always render print jobs on the server Always rasterize content to be printed using a software rasterizer Browse a common web site to find printers Disallow installation of printers using kernel-mode drivers Prevent addition of printers Prevent deletion of printers Add Printer wizard - Network scan page (Unmanaged network) Only use Package Point and print Package Point and print - Approved servers Only use Package Point and print Package Point and print - Approved servers Computer location Pre-populate printer search location text Point and Print Restrictions Point and Print Restrictions Default Active Directory path when searching for printers Printer browsing Execute print drivers in isolated processes Override print driver execution compatibility setting reported by print driver Extend Point and Print connection to search Windows Update Do not allow v4 printer drivers to show printer extensions Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps) Allow Print Spooler to accept client connections Automatically publish new printers in Active Directory Prune printers that are not automatically republished Directory pruning interval Directory pruning priority Directory pruning retry Log directory pruning retry events Allow printers to be published Check published state Allow pruning of published printers Hide the Programs Control Panel Hide "Programs and Features" page Hide "Installed Updates" page Hide "Set Program Access and Computer Defaults" page Hide "Windows Marketplace" Hide "Get Programs" page Hide "Windows Features" Turn on extensive logging for Password Synchronization Set the number of synchronization retries for servers running Password Synchronization Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory Set the interval between synchronization retries for Password Synchronization Best effort service type Controlled load service type Guaranteed service type Network control service type Qualitative service type Best effort service type Controlled load service type Guaranteed service type Network control service type Qualitative service type Limit outstanding packets Limit reservable bandwidth Set timer resolution Best effort service type Controlled load service type Guaranteed service type Network control service type Non-conforming packets Qualitative service type Configure Reliability WMI Providers Configure Scenario Execution Level Allow restore of system to default state Enable Persistent Time Stamp Report unplanned shutdown events Activate Shutdown Event Tracker System State Data feature Display Shutdown Event Tracker Turn on session logging Allow only Windows Vista or later connections Turn on bandwidth optimization Customize warning messages Configure Solicited Remote Assistance Configure Offer Remote Assistance Set time (in seconds) to force reboot Set time (in seconds) to force reboot CD and DVD: Deny read access CD and DVD: Deny read access CD and DVD: Deny write access CD and DVD: Deny write access CD and DVD: Deny execute access Custom Classes: Deny read access Custom Classes: Deny read access Custom Classes: Deny write access Custom Classes: Deny write access Floppy Drives: Deny read access Floppy Drives: Deny read access Floppy Drives: Deny write access Floppy Drives: Deny write access Floppy Drives: Deny execute access Removable Disks: Deny read access Removable Disks: Deny read access Removable Disks: Deny write access Removable Disks: Deny write access Removable Disks: Deny execute access All Removable Storage classes: Deny all access All Removable Storage classes: Deny all access Tape Drives: Deny read access Tape Drives: Deny read access Tape Drives: Deny write access Tape Drives: Deny write access Tape Drives: Deny execute access WPD Devices: Deny read access WPD Devices: Deny read access WPD Devices: Deny write access WPD Devices: Deny write access All Removable Storage: Allow direct access in remote sessions Enable RPC Endpoint Mapper Client Authentication Propagate extended error information Set Minimum Idle Connection Timeout for RPC/HTTP connections Restrict Unauthenticated RPC clients Maintain RPC Troubleshooting State Information Specify maximum wait time for Group Policy scripts Run legacy logon scripts hidden Display instructions in logoff scripts as they run Run logon scripts synchronously Run logon scripts synchronously Display instructions in logon scripts as they run Run Windows PowerShell scripts first at computer startup Run Windows PowerShell scripts first at user logon Run Windows PowerShell scripts first at user logon Display instructions in shutdown scripts as they run Run startup scripts asynchronously Display instructions in startup scripts as they run Allow logon scripts when NetBIOS or WINS is disabled Configure Security Policy for Scripted Diagnostics Troubleshooting: Allow users to access and run Troubleshooting Wizards Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) Configure Scheduled Maintenance Behavior Prevent adding UNC locations to index from Control Panel Prevent adding UNC locations to index from Control Panel Allow indexing of encrypted files Disable indexer backoff Prevent clients from querying the index remotely Prevent indexing when running on battery power to conserve energy Prevent customization of indexed locations in Control Panel Prevent customization of indexed locations in Control Panel Allow use of diacritics Always use automatic language detection when indexing content and properties Disable indexing of removable drives Don't search the web or display web results in Search Don't search the web or display web results in Search over metered connections Set what information is shared in Search Set the SafeSearch setting for Search Prevent automatically adding shared folders to the Windows Search index Prevent adding user-specified locations to the All Locations menu Prevent the display of advanced indexing options for Windows Search in the Control Panel Prevent indexing files in offline files cache Enable indexing uncached Exchange folders Enable indexing of online delegate mailboxes Enable throttling for online mail indexing Prevent indexing Microsoft Office Outlook Prevent indexing e-mail attachments Control rich previews for attachments Prevent indexing public folders Indexer data location Add primary intranet search location Add secondary intranet search locations Preview pane location Set large or small icon view in desktop search results Stop indexing in the event of limited hard drive space Prevent unwanted iFilters and protocol handlers Do not allow web search Prevent indexing certain paths Prevent indexing certain paths Default indexed paths Default indexed paths Default excluded paths Default excluded paths Prevent indexing of certain file types Turn off storage and display of search history Select OCR languages from a code page Force TIFF IFilter to perform OCR for every page in a TIFF document Turn on Security Center (Domain PCs only) Turn off sensors Turn off sensors Turn off location Turn off location Turn off location scripting Turn off location scripting Do not display Server Manager automatically at logon Configure the refresh interval for Server Manager Do not display Initial Configuration Tasks window automatically at logon Do not display Manage Your Server page at logon Specify settings for optional component installation and component repair Do not sync Do not sync app settings Do not sync passwords Do not sync personalize Do not sync Apps Do not sync other Windows settings Do not sync desktop personalization Do not sync browser settings Do not sync on metered connections Do not sync start settings Specify Windows Service Pack installation file location Specify Windows installation file location Turn off handwriting personalization data sharing Turn off handwriting personalization data sharing Allow DFS roots to be published Allow shared folders to be published Prevent users from sharing files within their profile. Prevent the computer from joining a homegroup Prevent access to the command prompt Prevent access to registry editing tools Run only specified Windows applications Don't run specified Windows applications Do not display the Welcome Center at user logon Turn off desktop gadgets Turn off desktop gadgets Restrict unpacking and installation of gadgets that are not digitally signed. Restrict unpacking and installation of gadgets that are not digitally signed. Turn Off user-installed desktop gadgets Turn Off user-installed desktop gadgets
Allow certificates with no extended key usage certificate attribute Allow Integrated Unblock screen to be displayed at the time of logon Filter duplicate logon certificates Force the reading of all certificates from the smart card Allow signature keys valid for Logon Allow time invalid certificates Turn on certificate propagation from smart card Configure root certificate clean up Turn on root certificate propagation from smart card Display string when smart card is blocked Reverse the subject name stored in a certificate when displaying Prevent plaintext PINs from being returned by Credential Manager Allow user name hint Turn on Smart Card Plug and Play service Notify user of successful smart card driver installation Allow ECC certificates to be used for logon and authentication Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS Set the map update interval for NIS subordinate servers Specify communities Specify permitted managers Specify traps for public community Do not allow Sound Recorder to run Do not allow Sound Recorder to run File Classification Infrastructure: Display Classification tab in File Explorer File Classification Infrastructure: Specify classification properties list Customize message for Access Denied errors Enable access-denied assistance on client for all file types Clear the recent programs list for new users Remove Games link from Start Menu Remove Search Computer link Remove See More Results / Search Everywhere link Add Search Internet link to Start Menu Do not search for files Do not search Internet Do not search programs and Control Panel items Do not search communications Remove user folder link from Start Menu Add the Run command to the Start Menu Show QuickLaunch on Taskbar Clear history of recently opened documents on exit Add Logoff to the Start Menu Gray unavailable Windows Installer programs Start Menu shortcuts Turn off personalized menus Lock the Taskbar Add "Run in Separate Memory Space" check box to Run dialog box Turn off notification area cleanup Remove Balloon Tips on Start Menu items Prevent users from customizing their Start Screen Clear history of tile notifications on exit Pin Apps to Start when installed Pin Apps to Start when installed Start Screen Layout Start Screen Layout Remove and prevent access to the Shut Down Remove common program groups from Start Menu Remove Favorites menu from Start Menu Remove Search link from Start Menu Remove frequent programs list from the Start Menu Remove Help menu from Start Menu Turn off user tracking Remove All Programs list from the Start menu Remove Network Connections from Start Menu Remove pinned programs list from the Start Menu Do not keep history of recently opened documents Remove Recent Items menu from Start Menu Do not use the search-based method when resolving shell shortcuts Do not use the tracking-based method when resolving shell shortcuts Remove Run menu from Start Menu Remove programs on Settings menu Prevent changes to Taskbar and Start Menu Settings Remove Default Programs link from the Start menu. Remove Documents icon from Start Menu Remove Music icon from Start Menu Remove Network icon from Start Menu Remove Pictures icon from Start Menu Remove user's folders from the Start Menu Force classic Start Menu Remove Clock from the system notification area Prevent grouping of taskbar items Do not display any custom toolbars in the taskbar Remove access to the context menus for the taskbar Hide the notification area Remove user name from Start Menu Remove links and access to Windows Update Remove the "Undock PC" button from the Start Menu Remove Logoff on the Start Menu Remove Homegroup link from Start Menu Remove Downloads link from Start Menu Remove Recorded TV link from Start Menu Remove Videos link from Start Menu Prevent users from uninstalling applications from Start Change Start Menu power button Show "Run as different user" command on Start Default Default app Default search Sort Multimon Turn off Configuration Turn off System Restore Turn off AutoComplete integration with Input Panel Turn off AutoComplete integration with Input Panel Prevent Input Panel tab from appearing Prevent Input Panel tab from appearing For tablet pen input For tablet pen input For touch input For touch input Turn off password security in Input Panel Turn off password security in Input Panel Include rarely used Chinese Include rarely used Chinese Turn off tolerant and Z-shaped scratch-out gestures Disable text prediction Disable text prediction Do not allow Inkball to run Do not allow Inkball to run Do not allow Windows Journal to be run Do not allow Windows Journal to be run Do not allow printing to Journal Note Writer Do not allow printing to Journal Note Writer Do not allow Snipping Tool to run Do not allow Snipping Tool to run Turn off pen feedback Turn off pen feedback Prevent Back-ESC mapping Prevent Back-ESC mapping Prevent launch an application Prevent launch an application Prevent press and hold Prevent press and hold Turn off hardware buttons Turn off hardware buttons Prevent Flicks Learning Mode Prevent Flicks Learning Mode Prevent flicks Prevent flicks Remove the battery meter Remove the networking icon Remove the volume control icon Remove the Action Center icon Lock all taskbar settings Prevent users from adding or removing toolbars Prevent users from rearranging toolbars Turn off all balloon notifications Prevent users from moving taskbar to another screen dock location Prevent users from resizing the taskbar Turn off taskbar thumbnails Remove pinned programs from the Taskbar Turn off automatic promotion of notification icons to the taskbar Turn off feature advertisement balloon notifications Do not display or track items in Jump Lists from remote locations Do not allow pinning programs to the Taskbar Do not allow pinning items in Jump Lists Do not allow taskbars on more than one display Prohibit Browse Prohibit Browse Hide Advanced Properties Checkbox in Add Scheduled Task Wizard Hide Advanced Properties Checkbox in Add Scheduled Task Wizard Prohibit Drag-and-Drop Prohibit Drag-and-Drop Prevent Task Run or End Prevent Task Run or End Hide Property Pages Hide Property Pages Prohibit New Task Creation Prohibit New Task Creation Prohibit Task Deletion Prohibit Task Deletion Set ISATAP State Set ISATAP Router Name Set 6to4 State Set 6to4 Relay Name Set 6to4 Relay Name Resolution Interval Set Teredo State Set Teredo Server Name Set Teredo Refresh Rate Set Teredo Client Port Set Teredo Default Qualified Set IP-HTTPS State Set Window Scaling Heuristics State Set IP Stateless Autoconfiguration Limits State Allow time zone redirection Do not allow Clipboard redirection Remove remote desktop wallpaper Always show desktop on connection Allow remote start of unlisted programs Allow desktop composition for remote desktop sessions Use RD Connection Broker load balancing Redirect only the default client printer Redirect only the default client printer Set time limit for logoff of RemoteApp sessions Set time limit for logoff of RemoteApp sessions Do not allow font smoothing Select the network adapter to be used for Remote Desktop IP Virtualization Do not use Remote Desktop Session Host server IP address when virtual IP address is not available Turn off Fair Share CPU Scheduling Turn off Windows Installer RDS Compatibility Turn on Remote Desktop IP Virtualization Use the hardware default graphics adapter for all Remote Desktop Services sessions Configure image quality for RemoteFX Adaptive Graphics Configure RemoteFX Adaptive Graphics Set remote control session UAC desktop Select network detection on the server Select RDP transport protocols Enable connection through RD Gateway Set RD Gateway server address Automatic reconnection Limit maximum color depth Limit number of monitors Allow users to connect remotely by using Remote Desktop Services Limit maximum display resolution Enforce Removal of Remote Desktop Wallpaper Deny logoff of an administrator logged in to the console session Configure keep-alive connection interval Use the specified Remote Desktop license servers Hide notifications about RD Licensing problems that affect the RD Session Host server Set the Remote Desktop licensing mode Limit number of connections Remove "Disconnect" option from Shut Down dialog Remove Windows Security item from Start menu Suspend user sign-in to complete app registration Set rules for remote control of Remote Desktop Services user sessions Set rules for remote control of Remote Desktop Services user sessions Set remote control session UAC desktop Set remote control permission request timeout Use advanced RemoteFX graphics for RemoteApp Restrict Remote Desktop Services users to a single Remote Desktop Services session Start a program on connection Start a program on connection Do not allow local administrators to customize permissions Always show desktop on connection Set Remote Desktop Services User Home Directory Set path for Remote Desktop Services Roaming User Profile Use mandatory profiles on the RD Session Host server Limit the size of the entire roaming user profile cache License server security group Prevent license upgrade Allow audio and video playback redirection Limit audio playback quality Allow audio recording redirection Do not allow Clipboard redirection Do not allow COM port redirection Do not set default client printer to be default printer in a session Use Remote Desktop Easy Print printer driver first Use Remote Desktop Easy Print printer driver first Do not allow drive redirection Do not allow LPT port redirection Do not allow supported Plug and Play device redirection Do not allow client printer redirection Specify RD Session Host server fallback printer driver behavior Do not allow smart card device redirection Allow time zone redirection Require secure RPC communication Join RD Connection Broker Configure RD Connection Broker farm name Use IP Address Redirection Configure RD Connection Broker server name End session when time limits are reached End session when time limits are reached Set time limit for disconnected sessions Set time limit for disconnected sessions Set time limit for active but idle Remote Desktop Services sessions Set time limit for active but idle Remote Desktop Services sessions Set time limit for active Remote Desktop Services sessions Set time limit for active Remote Desktop Services sessions Do not delete temp folders upon exit Do not use temporary folders per session Allow .rdp files from unknown publishers Allow .rdp files from unknown publishers Allow .rdp files from valid publishers and user's default .rdp settings Allow .rdp files from valid publishers and user's default .rdp settings Specify SHA1 thumbprints of certificates representing trusted .rdp publishers Specify SHA1 thumbprints of certificates representing trusted .rdp publishers Prompt for credentials on the client computer Configure server authentication for client Configure image quality for RemoteFX Adaptive Graphics Configure RemoteFX Adaptive Graphics Configure compression for RemoteFX data Enable Remote Desktop Protocol 8.0 Optimize visual experience for Remote Desktop Service Sessions Allow RDP redirection of other supported RemoteFX USB devices from this computer Configure RemoteFX Optimize visual experience when using RemoteFX Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1 Specify default connection URL Select network detection on the server Select RDP transport protocols Configure the level of TPM owner authorization information available to the operating system Configure the list of blocked TPM commands Ignore the default list of blocked TPM commands Ignore the local list of blocked TPM commands Standard User Lockout Duration Standard User Individual Lockout Threshold Standard User Total Lockout Threshold Add the Administrators security group to roaming user profiles Do not check for user ownership of Roaming Profile Folders Connect home directory to root of the share Delete cached copies of roaming profiles Disable detection of slow network connections Prompt user when a slow network connection is detected Exclude directories in roaming profile Leave Windows Installer and Group Policy Software Installation Data Limit profile size Only allow local user profiles Establish timeout value for dialog boxes Do not log users on with temporary profiles Maximum retries to unload and update user profile Prevent Roaming Profile changes from propagating to the server Wait for remote user profile Control slow network connection timeout for user profiles Delete user profiles older than a specified number of days on system restart Specify network directories to sync at logon/logoff time only Do not forcefully unload the users registry at user logoff Set maximum wait time for the network if a user has a roaming user profile or remote home directory Set roaming profile path for all users logging onto this computer Set the schedule for background upload of a roaming user profile's registry file while user is logged on User management of sharing user name Download roaming profiles on primary computers only Set user home folder Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista) Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista) Choose default folder for recovery password Choose drive encryption method and cipher strength (Windows Vista Choose drive encryption method and cipher strength Prevent memory overwrite on restart Allow enhanced PINs for startup Configure use of passwords for operating system drives Reset platform validation data after BitLocker recovery Disallow standard users from changing the PIN or password Provide the unique identifiers for your organization Validate smart card certificate usage rule compliance Use enhanced Boot Configuration Data validation profile Choose how BitLocker-protected operating system drives can be recovered Enforce drive encryption type on operating system drives Require additional authentication at startup (Windows Server 2008 and Windows Vista) Require additional authentication at startup Allow network unlock at startup Configure TPM platform validation profile (Windows Vista Configure TPM platform validation profile for BIOS-based firmware configurations Configure TPM platform validation profile for native UEFI firmware configurations Configure minimum PIN length for startup Configure use of hardware-based encryption for operating system drives Enable use of BitLocker authentication requiring preboot keyboard input on slates Allow Secure Boot for integrity validation Choose how BitLocker-protected fixed drives can be recovered Configure use of passwords for fixed data drives Deny write access to fixed drives not protected by BitLocker Allow access to BitLocker-protected fixed data drives from earlier versions of Windows Configure use of smart cards on fixed data drives Enforce drive encryption type on fixed data drives Configure use of hardware-based encryption for fixed data drives Choose how BitLocker-protected removable drives can be recovered Control use of BitLocker on removable drives Configure use of passwords for removable data drives Deny write access to removable drives not protected by BitLocker Allow access to BitLocker-protected removable data drives from earlier versions of Windows Configure use of smart cards on removable data drives Enforce drive encryption type on removable data drives Configure use of hardware-based encryption for removable data drives Global Configuration Settings Configure Windows NTP Client Enable Windows NTP Client Enable Windows NTP Server Prohibit connection to non-domain networks when connected to domain authenticated network Minimize the number of simultaneous connections to the Internet or a Windows Domain Prohibit connection to roaming Mobile Broadband networks Disable power management in connected standby mode Diagnostics: Configure scenario retention Diagnostics: Configure scenario execution level Turn off Windows Calendar Turn off Windows Calendar Prevent the wizard from running. Prevent the wizard from running. Allow only system backup Disallow locally attached storage as backup target Disallow network as backup target Disallow optical media as backup target Disallow run-once backups Prohibit installing or uninstalling color profiles Prohibit installing or uninstalling color profiles Prohibit access of the Windows Connect Now wizards Prohibit access of the Windows Connect Now wizards Configuration of wireless settings using Windows Connect Now Allow antimalware service to startup with normal priority Turn on spyware definitions Turn on virus definitions Configure local administrator merge behavior for lists Turn on routine remediation Define addresses to bypass proxy server Define proxy server for connecting to the network Randomize scheduled task times Allow antimalware service to remain running always Extension Exclusions Path Exclusions Process Exclusions Turn on protocol recognition Turn on definition retirement Define the rate of detection events for logging IP address range Exclusions Port number Exclusions Process Exclusions for outbound traffic Threat ID Exclusions Specify additional definition sets for network traffic inspection Configure local setting override for the removal of items from Quarantine folder Configure removal of items from Quarantine folder Turn on behavior monitoring Turn on Information Protection Control Turn on network protection against exploits of known vulnerabilities Scan all downloaded files and attachments Monitor file and program activity on your computer Turn on raw volume write notifications Turn on real-time protection Turn on process scanning whenever real-time protection is enabled Define the maximum size of downloaded files and attachments to be scanned Configure local setting override for turn on behavior monitoring Configure local setting override for monitoring file and program activity on your computer Configure local setting override to turn off Intrusion Prevention System Configure local setting override for scanning all downloaded files and attachments Configure local setting override to turn on real-time protection Configure local setting override for monitoring for incoming and outgoing file activity Configure monitoring for incoming and outgoing file and program activity Configure local setting override for the time of day to run a scheduled full scan to complete remediation Specify the day of the week to run a scheduled full scan to complete remediation Specify the time of day to run a scheduled full scan to complete remediation Configure time out for detections requiring additional action Configure time out for detections in critically failed state Configure Watson events Configure time out for detections in non-critical failed state Configure time out for detections in recently remediated state Configure Windows software trace preprocessor components Configure WPP tracing level Allow users to pause scan Specify the maximum depth to scan archive files Specify the maximum size of archive files to be scanned Specify the maximum percentage of CPU utilization during a scan Check for the latest virus and spyware definitions before running a scheduled scan Scan archive files Turn on catch-up full scan Turn on catch-up quick scan Turn on e-mail scanning Turn on heuristics Scan packed executables Scan removable drives Turn on reparse point scanning Create a system restore point Run full scan on mapped network drives Scan network files Configure local setting override for maximum percentage of CPU utilization Configure local setting override for the scan type to use for a scheduled scan Configure local setting override for schedule scan day Configure local setting override for scheduled quick scan time Configure local setting override for scheduled scan time Turn on removal of items from scan history folder Specify the interval to run quick scans per day Start the scheduled scan only when computer is on but not in use Specify the scan type to use for a scheduled scan Specify the day of the week to run a scheduled scan Specify the time for a daily quick scan Specify the time of day to run a scheduled scan Define the number of days before spyware definitions are considered out of date Define the number of days before virus definitions are considered out of date Define file shares for downloading definition updates Turn on scan after signature update Allow definition updates when running on battery power Initiate definition update on startup Define the order of sources for downloading definition updates Allow definition updates from Microsoft Update Allow real-time definition updates based on reports to Microsoft MAPS Specify the day of the week to check for definition updates Specify the time to check for definition updates Allow notifications to disable definitions based reports to Microsoft MAPS Define the number of days after which a catch-up definition update is required Specify the interval to check for definition updates Check for the latest virus and spyware definitions on startup Configure local setting override for reporting to Microsoft MAPS Join Microsoft MAPS Specify threats upon which default action should not be taken when detected Specify threat alert levels at which default action should not be taken when detected Display notifications to clients when they need to perform actions Display additional text to clients when they need to perform an action Hide the common dialog back button Hide the dropdown list of recent files Hide the common dialog places bar Items displayed in Places Bar Turn on Classic Shell Display confirmation dialog when deleting files Allow only per user or approved shell extensions Do not track Shell shortcuts during roaming Maximum number of recent documents Turn off caching of thumbnail pictures Remove CD Burning features Remove UI to change menu animation setting Remove UI to change keyboard navigation indicator setting Remove DFS tab Hide these specified drives in My Computer No Entire Network in Network Locations Remove File menu from File Explorer Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon Remove Hardware tab Hides the Manage item on the File Explorer context menu Remove Shared Documents from My Computer Remove "Map Network Drive" and "Disconnect Network Drive" Do not move deleted files to the Recycle Bin Do not request alternate credentials Remove Security tab Remove Search button from File Explorer Remove File Explorer's default context menu Prevent access to drives from My Computer Turn off Windows+X hotkeys No Computers Near Me in Network Locations Request credentials for network installations Maximum allowed Recycle Bin size Turn off shell protocol protected mode Turn off shell protocol protected mode Remove the Search the Internet "Search again" link Pin Internet search sites to the "Search again" links and the Start menu Pin Libraries or Search Connectors to the "Search again" links and the Start menu Verify old and new Folder Redirection targets point to the same share before redirecting Disable Known Folders Turn off the display of snippets in Content view mode Turn off Windows Libraries features that rely on indexed file data Turn off display of recent search entries in the File Explorer search box Disable binding directly to IPropertySetStorage without intermediate layers. Disable binding directly to IPropertySetStorage without intermediate layers. Turn off numerical sorting in File Explorer Turn off numerical sorting in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow OpenSearch queries in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Allow previewing and custom thumbnails of OpenSearch query results in File Explorer Location where all default Library definition files for users/machines reside. Location where all default Library definition files for users/machines reside. Configure Windows SmartScreen Show lock in the user tile menu Show sleep in the power options menu Show hibernate in the power options menu Do not show the 'new application installed' notification Start File Explorer with ribbon minimized Start File Explorer with ribbon minimized Set a default associations configuration file Allow the use of remote paths in file shortcut icons Specify Windows File Protection cache location Limit Windows File Protection cache size Set Windows File Protection scanning Hide the file scan progress window Windows Firewall: Allow authenticated IPsec bypass Windows Firewall: Define inbound program exceptions Windows Firewall: Allow local program exceptions Windows Firewall: Protect all network connections Windows Firewall: Do not allow exceptions Windows Firewall: Allow inbound file and printer sharing exception Windows Firewall: Allow ICMP exceptions Windows Firewall: Allow logging Windows Firewall: Prohibit notifications Windows Firewall: Define inbound port exceptions Windows Firewall: Allow local port exceptions Windows Firewall: Allow inbound remote administration exception Windows Firewall: Allow inbound Remote Desktop exceptions Windows Firewall: Prohibit unicast response to multicast or broadcast requests Windows Firewall: Allow inbound UPnP framework exceptions Windows Firewall: Define inbound program exceptions Windows Firewall: Allow local program exceptions Windows Firewall: Protect all network connections Windows Firewall: Do not allow exceptions Windows Firewall: Allow inbound file and printer sharing exception Windows Firewall: Allow ICMP exceptions Windows Firewall: Allow logging Windows Firewall: Prohibit notifications Windows Firewall: Define inbound port exceptions Windows Firewall: Allow local port exceptions Windows Firewall: Allow inbound remote administration exception Windows Firewall: Allow inbound Remote Desktop exceptions Windows Firewall: Prohibit unicast response to multicast or broadcast requests Windows Firewall: Allow inbound UPnP framework exceptions Turn off Windows Mail application Turn off Windows Mail application Turn off the communities features Turn off the communities features Prevent Windows Media DRM Internet Access Prevent Automatic Updates Do Not Show First Use Dialog Boxes Prevent Video Smoothing Prevent CD and DVD Media Information Retrieval Prevent Media Sharing Prevent Music File Media Information Retrieval Prevent Quick Launch Toolbar Shortcut Creation Prevent Radio Station Preset Retrieval Prevent Desktop Shortcut Creation Allow Screen Saver Prevent Codec Download Do Not Show Anchor Hide Privacy Tab Hide Security Tab Set and Lock Skin Configure HTTP Proxy Configure MMS Proxy Configure RTSP Proxy Hide Network Tab Configure Network Buffering Streaming Media Protocols Do not automatically start Windows Messenger initially Do not automatically start Windows Messenger initially Do not allow Windows Messenger to be run Do not allow Windows Messenger to be run Allow Basic authentication Allow unencrypted traffic Disallow Digest authentication Disallow Negotiate authentication Disallow Kerberos authentication Allow CredSSP authentication Trusted Hosts Allow remote server management through WinRM Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box Remove access to use all Windows Update features Configure Automatic Updates Specify intranet Microsoft update service location Automatic Updates detection frequency Allow non-administrators to receive update notifications Allow Automatic Updates immediate installation Turn on recommended updates via Automatic Updates Turn on Software Notifications Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates No auto-restart with logged on users for scheduled automatic updates installations Always automatically restart at the scheduled time Re-prompt for restart with scheduled installations Delay Restart for scheduled installations Reschedule Automatic Updates scheduled installations Enable client-side targeting Allow signed updates from an intranet Microsoft update service location Turn off legacy remote shutdown interface Timeout for hung logon sessions during shutdown Require use of fast startup Display information about previous logons during user logon Remove logon hours expiration warnings Set action to take when logon hours expire Disable or enable software Secure Attention Sequence Specify Work Folders settings Turn off tile notifications Turn off toast notifications Turn off toast notifications on the lock screen Turn off notifications network usage Turn off Quiet Hours Set the time Quiet Hours begins each day Set the time Quiet Hours ends each day Turn off calls during Quiet Hours Set 3G Cost Set 4G Cost Scope New in 8.1 Policy Path Registry Information Supported On Help Text Machine FALSE Windows Components\ActiveX Installer Service HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList Machine FALSE Windows Components\ActiveX Installer Service HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!DefaultCategory Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromCDorFloppy Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromInternet Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddFromNetwork Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddPage Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoAddRemovePrograms Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoChooseProgramsPage Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoRemovePage Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoServices Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoSupportInfo Windows Server 2003 User FALSE Control Panel\Add or Remove Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall!NoWindowsSetupPage Windows Server 2003 Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!VDMDisallowed At least Windows Server 2003 Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePropPage At least Windows Server 2003 This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!AITEnable At least Windows Server 2008 R2 or Windows 7 The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!SbEnable At least Windows Server 2008 R2 or Windows 7 The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableEngine At least Windows Server 2003 This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes User FALSE Windows Components\Application Compatibility HKCU\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA At least Windows Vista This setting exists only for backward compatibility Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePCA At least Windows Vista This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableUAR At least Windows Server 2008 R2 or Windows 7 This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input Machine FALSE Windows Components\Application Compatibility HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableInventory At least Windows Server 2008 R2 or Windows 7 This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications Machine FALSE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowAllTrustedApps At least Windows Server 2012 Machine FALSE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDeploymentInSpecialProfiles At least Windows Server 2012 Machine TRUE Windows Components\App Package Deployment HKLM\Software\Policies\Microsoft\Windows\Appx!AllowDevelopmentWithoutDevLicense At least Windows Server 2012 Machine FALSE Windows Components\App runtime HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation At least Windows Server 2012 User FALSE Windows Components\App runtime HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockFileElevation At least Windows Server 2012 Machine FALSE Windows Components\App runtime HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation At least Windows Server 2012 User FALSE Windows Components\App runtime HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!BlockProtocolElevation At least Windows Server 2012 User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!ScanWithAntiVirus At least Windows XP Professional with SP2 This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!UseTrustedHandlers At least Windows XP Professional with SP2 This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!SaveZoneInformation At least Windows XP Professional with SP2 This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments!HideZoneInfoOnProperties At least Windows XP Professional with SP2 This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!DefaultFileTypeRisk At least Windows XP Professional with SP2 This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!HighRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!LowRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types User FALSE Windows Components\Attachment Manager HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations!ModRiskFileTypes At least Windows XP Professional with SP2 This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun At least Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun At least Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox At least Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DontSetAutoplayCheckbox At least Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun At least Windows 2000 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result User FALSE Windows Components\AutoPlay Policies HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun At least Windows 2000 This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result Machine FALSE Windows Components\AutoPlay Policies HKLM\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume At least Windows Server 2008 R2 or Windows 7 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting User FALSE Windows Components\AutoPlay Policies HKCU\Software\Policies\Microsoft\Windows\Explorer!NoAutoplayfornonVolume At least Windows Server 2008 R2 or Windows 7 This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics!Enabled At least Windows Server 2008 R2 or Windows 7 This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Enabled At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!Domain Accounts At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default Machine FALSE Windows Components\Biometrics HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider!SwitchTimeoutInSeconds At least Windows Server 2008 R2 or Windows 7 This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!JobInactivityTimeout Windows XP or Windows Server 2003 Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxDownloadTime At least Windows Vista This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!EnablePeercaching At least Windows Vista This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxContentAge At least Windows Vista This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxCacheSize At least Windows Vista This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingClient At least Windows Vista This policy setting specifies whether the computer will act as a BITS peer caching client. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisablePeerCachingServer At least Windows Vista This policy setting specifies whether the computer will act as a BITS peer caching server. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxBandwidthServed At least Windows Vista This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerMachine At least Windows Vista This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxJobsPerUser At least Windows Vista This policy setting limits the number of BITS jobs that can be created by a user. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxFilesPerJob At least Windows Vista This policy setting limits the number of files that a BITS job can contain. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!MaxRangesPerFile At least Windows Vista This policy setting limits the number of ranges that can be added to a file in a BITS job. By default Machine FALSE Network\Background Intelligent Transfer Service (BITS) HKLM\Software\Policies\Microsoft\Windows\BITS!DisableBranchCache Windows 7 or computers with BITS 3.5 installed. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer Machine FALSE Windows Components\Windows Customer Experience Improvement Program HKLM\Software\Policies\Microsoft\SQMClient!CorporateSQMURL At least Windows Vista If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server. Machine FALSE Windows Components\Windows Customer Experience Improvement Program HKLM\Software\Policies\Microsoft\SQMClient\Windows!StudyId Machine FALSE Network\SSL Configuration Settings HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002!Functions At least Windows Vista This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting User FALSE System HKCU\Software\Policies\Microsoft\Windows\App Management!COMClassStore At least Windows 2000 This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\App Management!COMClassStore At least Windows 2000 This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoAppSharing at least Windows NetMeeting v3.0 Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoAllowControl at least Windows NetMeeting v3.0 Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharing at least Windows NetMeeting v3.0 Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDosWindows at least Windows NetMeeting v3.0 Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingDesktop at least Windows NetMeeting v3.0 Prevents users from sharing the whole desktop. They will still be able to share individual applications. User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoSharingExplorer at least Windows NetMeeting v3.0 Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications User FALSE Windows Components\NetMeeting\Application Sharing HKCU\Software\Policies\Microsoft\Conferencing!NoTrueColorSharing at least Windows NetMeeting v3.0 Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoAudio at least Windows NetMeeting v3.0 Disables the audio feature of NetMeeting. Users will not be able to send or receive audio. User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoChangeDirectSound at least Windows NetMeeting v3.0 Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoFullDuplex at least Windows NetMeeting v3.0 Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingVideo at least Windows NetMeeting v3.0 Prevents users from receiving video. Users will still be able to send video provided they have the hardware." User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!NoSendingVideo at least Windows NetMeeting v3.0 Prevents users from sending video if they have the hardware. Users will still be able to receive video from others. User FALSE Windows Components\NetMeeting\Audio & Video HKCU\Software\Policies\Microsoft\Conferencing!MaximumBandwidth at least Windows NetMeeting v3.0 Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!PersistAutoAcceptCalls at least Windows NetMeeting v3.0 Make the automatic acceptance of incoming calls persistent. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoChat at least Windows NetMeeting v3.0 Disables the Chat feature of NetMeeting. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoNewWhiteBoard at least Windows NetMeeting v3.0 Disables the T.126 whiteboard feature of NetMeeting. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoOldWhiteBoard at least Windows NetMeeting v3.0 Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it. Machine FALSE Windows Components\NetMeeting HKLM\Software\Policies\Microsoft\Conferencing!NoRDS at least Windows NetMeeting v3.0 Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!Use AutoConfig User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoAddingDirectoryServers at least Windows NetMeeting v3.0 Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoAutoAcceptCalls at least Windows NetMeeting v3.0 Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoChangingCallMode at least Windows NetMeeting v3.0 Prevents users from changing the way calls are placed User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoDirectoryServices at least Windows NetMeeting v3.0 Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoReceivingFiles at least Windows NetMeeting v3.0 Prevents users from receiving files from others in a conference. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoSendingFiles at least Windows NetMeeting v3.0 Prevents users from sending files to others in a conference. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!NoWebDirectory at least Windows NetMeeting v3.0 Prevents users from viewing directories as Web pages in a browser. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!MaxFileSendSize at least Windows NetMeeting v3.0 Limits the size of files users can send to others in a conference. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!IntranetSupportURL at least Windows NetMeeting v3.0 Sets the URL NetMeeting will display when the user chooses the Help Online Support command. User FALSE Windows Components\NetMeeting HKCU\Software\Policies\Microsoft\Conferencing!CallSecurity at least Windows NetMeeting v3.0 Sets the level of security for both outgoing and incoming NetMeeting calls. User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoAdvancedCalling at least Windows NetMeeting v3.0 Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoAudioPage at least Windows NetMeeting v3.0 Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoGeneralPage at least Windows NetMeeting v3.0 Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoSecurityPage at least Windows NetMeeting v3.0 Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. User FALSE Windows Components\NetMeeting\Options Page HKCU\Software\Policies\Microsoft\Conferencing!NoVideoPage at least Windows NetMeeting v3.0 Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceClassicControlPanel At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the default Control Panel view User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoControlPanel At least Windows 2000 Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe User FALSE Control Panel HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl User FALSE Control Panel\Display HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispCPL At least Windows 2000 Disables the Display Control Panel.If you enable this setting User FALSE Control Panel\Display HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispSettingsPage Windows Server 2003 User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispAppearancePage At least Windows 2000 Disables the Color (or Window Color) page in the Personalization Control Panel User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispScrSavPage At least Windows 2000 Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveActive At least Windows 2000 Service Pack 1 Enables desktop screen savers.If you disable this setting User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!SCRNSAVE.EXE At least Windows 2000 Service Pack 1 Specifies the screen saver for the user's desktop.If you enable this setting User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure At least Windows 2000 Service Pack 1 Determines whether screen savers used on the computer are password protected.If you enable this setting User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveTimeOut At least Windows 2000 Service Pack 1 Specifies how much user idle time must elapse before the screen saver is launched.When configured User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoChangingWallPaper At least Windows 2000 Prevents users from adding or changing the background design of the desktop.By default User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingSoundScheme At least Windows Server 2008 R2 or Windows 7 Prevents users from changing the sound scheme.By default User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!NoChangingMousePointers At least Windows Server 2008 R2 or Windows 7 Prevents users from changing the mouse pointers.By default User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoDispBackgroundPage At least Windows 2000 Prevents users from changing the desktop icons.By default User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoColorChoice Windows Server 2008 User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThemesTab At least Windows Server 2003 operating systems or Windows XP Professional This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting User FALSE Control Panel\Personalization HKCU\Software\Policies\Microsoft\Windows\Personalization!ThemeFile At least Windows Server 2008 R2 or Windows 7 Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoVisualStyleChoice At least Windows Server 2003 operating systems or Windows XP Professional Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!SetVisualStyle At least Windows Server 2003 operating systems or Windows XP Professional This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles) User FALSE Control Panel\Personalization HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!NoSizeChoice Windows Server 2003 Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreen At least Windows Server 2012 Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingLockScreen At least Windows Server 2012 Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenSlideshow At least Windows Server 2012 R2 Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoLockScreenCamera At least Windows Server 2012 R2 Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!ForceStartBackground At least Windows Server 2012 R2 Machine FALSE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!NoChangingStartMenuBackground At least Windows Server 2012 Machine TRUE Control Panel\Personalization HKLM\Software\Policies\Microsoft\Windows\Personalization!LockScreenImage At least Windows Server 2012 Machine FALSE Control Panel\User Accounts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!UseDefaultTile At least Windows Vista This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DefaultLogonDomain At least Windows Vista This policy setting specifies a default logon domain Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ExcludedCredentialProviders At least Windows Vista This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainPINLogon At least Windows Server 2012 Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!BlockDomainPicturePassword At least Windows Server 2012 Machine TRUE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!AllowDomainDelayLock At least Windows Server 2012 Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials Machine FALSE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials Machine TRUE System\Credentials Delegation HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!RestrictedRemoteAdministration At least Windows Server 2012 R2 Machine FALSE Windows Components\Credential User Interface HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnumerateAdministrators At least Windows Vista This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default Machine FALSE Windows Components\Credential User Interface HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnableSecureCredentialPrompting At least Windows Vista This policy setting requires the user to enter Microsoft Windows credentials using a trusted path Machine FALSE Windows Components\Credential User Interface HKLM\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal At least Windows Server 2012 User FALSE Windows Components\Credential User Interface HKCU\Software\Policies\Microsoft\Windows\CredUI!DisablePasswordReveal At least Windows Server 2012 User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableChangePassword At least Windows 2000 This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableLockWorkstation At least Windows 2000 This policy setting prevents users from locking the system.While locked User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableTaskMgr At least Windows 2000 This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers User FALSE System\Ctrl+Alt+Del Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoLogoff At least Windows 2000 This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting Machine FALSE System\Distributed COM\Application Compatibility Settings HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!AllowLocalActivationSecurityCheckExemptionList At least Windows XP Professional with SP2 Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting Machine FALSE System\Distributed COM\Application Compatibility Settings HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceActiveDesktopOn Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktop Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoActiveDesktopChanges Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoAddingComponents Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoClosingComponents Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoDeletingComponents Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoEditingComponents Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoComponents Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop!NoHTMLWallPaper Windows Server 2003 User FALSE Desktop\Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!EnableFilter At least Windows 2000 Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!HideDirectoryFolder Windows 2000 only Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting User FALSE Desktop\Active Directory HKCU\Software\Policies\Microsoft\Windows\Directory UI!QueryLimit At least Windows 2000 Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisablePersonalDirChange At least Windows 2000 Prevents users from changing the path to their profile folders.By default User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktop At least Windows 2000 Removes icons User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDesktopCleanupWizard Windows Server 2003 and Windows XP only Prevents users from using the Desktop Cleanup Wizard.If you enable this setting User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetIcon At least Windows 2000 Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods. User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{20D04FE0-3AEA-1069-A2D8-08002B30309D} At least Windows Server 2003 operating systems or Windows XP Professional This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{450D8FBA-AD25-11D0-98A8-0800361B1103} Windows Server 2003 User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetHood At least Windows 2000 Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyComputer At least Windows 2000 Service Pack 3 This setting hides Properties on the context menu for Computer.If you enable this setting User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesMyDocuments Windows Server 2003 User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsNetHood Windows Server 2003 User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum!{645FF040-5081-101B-9F08-00AA002F954E} At least Windows Server 2003 operating systems or Windows XP Professional Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPropertiesRecycleBin At least Windows Server 2003 operating systems or Windows XP Professional Removes the Properties option from the Recycle Bin context menu.If you enable this setting User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSaveSettings At least Windows 2000 Prevents users from saving certain changes to the desktop.If you enable this setting TRUE User FALSE Desktop HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMovingBands At least Windows 2000 Prevents users from adjusting the length of desktop toolbars. Also User FALSE Desktop HKCU\Software\Policies\Microsoft\Windows\Explorer!NoWindowMinimizingShortcuts At least Windows Server 2008 R2 or Windows 7 Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy Machine FALSE Windows Components\Device and Driver Compatibility HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDeviceFlags At least Windows Server 2012 Machine FALSE Windows Components\Device and Driver Compatibility HKLM\System\CurrentControlSet\Policies\Microsoft\Compatibility!DisableDriverShims At least Windows Server 2012 Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllSigningEqual At least Windows Vista This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!InstallTimeout At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSystemRestore At least Windows Vista This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC Windows Server 2008 Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowAdminInstall At least Windows Vista This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyRemovableDevices At least Windows Vista This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyUnspecified At least Windows Vista This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!SimpleText At least Windows Vista This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting Machine FALSE System\Device Installation\Device Installation Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicy!DetailText At least Windows Vista This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting Machine FALSE System\Driver Installation HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing!BehaviorOnFailedVerify Windows Server 2003 Machine FALSE System\Device Redirection\Device Redirection Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!AllowRedirect At least Windows Server 2008 R2 or Windows 7 This policy setting prevents redirection of USB devices.If you enable this setting Machine FALSE System\Device Redirection\Device Redirection Restrictions HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableBalloonTips At least Windows Vista This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendGenericDriverNotFoundToWER At least Windows Vista Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendRequestAdditionalSoftwareToWER At least Windows Server 2008 R2 or Windows 7 Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies User FALSE System\Driver Installation HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate Windows Server 2008 Machine FALSE System\Driver Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate Windows Server 2008 Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting Machine FALSE System\Device Installation HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DriverServerSelection At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting Machine FALSE System\Device Installation HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting Machine FALSE Network HKLM\Software\Policies\Microsoft\System\DFSClient!DfsDcNameDelay At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default User FALSE Windows Components\Digital Locker HKCU\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker At least Windows Vista Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Machine FALSE Windows Components\Digital Locker HKLM\SOFTWARE\Policies\Microsoft\Windows\Digital Locker!DoNotRunDigitalLocker At least Windows Vista Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Machine FALSE System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!DfdAlertTextOverride Windows Server 2008 with Desktop Experience installed or Windows Vista This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Disk Diagnostic HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!OptimizeBootAndResume At least Windows Vista This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnablePowerModeState At least Windows Vista This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableNvCache At least Windows Vista This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system Machine FALSE System\Disk NV Cache HKLM\Software\Policies\Microsoft\Windows\NvCache!EnableSolidStateMode At least Windows Vista This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enable At least Windows 2000 This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Enforce At least Windows 2000 This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!Limit Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverLimit At least Windows 2000 This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!LogEventOverThreshold At least Windows 2000 This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting Machine FALSE System\Disk Quotas HKLM\Software\Policies\Microsoft\Windows NT\DiskQuota!ApplyToRemovableMedia At least Windows 2000 This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DLT_AllowDomainMode Windows Server 2003 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!AdapterDomainName Windows XP Professional only Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!NameServer Windows XP Professional only Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\System\DNSClient!NV PrimaryDnsSuffix At least Windows 2000 Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterAdapterName At least Windows Server 2003 operating systems or Windows XP Professional Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegisterReverseLookup At least Windows Server 2003 operating systems or Windows XP Professional Specifies if DNS client computers will register PTR resource records.By default Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationEnabled At least Windows Server 2003 operating systems or Windows XP Professional Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationOverwritesInConflict Windows XP Professional only Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationRefreshInterval At least Windows Server 2003 operating systems or Windows XP Professional Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!RegistrationTtl At least Windows Server 2003 operating systems or Windows XP Professional Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!SearchList At least Windows Server 2003 operating systems or Windows XP Professional Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateSecurityLevel At least Windows Server 2003 operating systems or Windows XP Professional Specifies the security level for dynamic DNS updates.To use this policy setting Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UpdateTopLevelDomainZones At least Windows Server 2003 operating systems or Windows XP Professional Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!UseDomainNameDevolution At least Windows Server 2003 operating systems or Windows XP Professional Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartNameResolution At least Windows Server 2012 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableSmartProtocolReordering At least Windows Server 2012 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!QueryNetBTFQDN At least Windows Server 2012 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!PreferLocalOverLowerBindingDNS At least Windows Server 2012 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!DisableIdnEncoding At least Windows Server 2012 Machine FALSE Network\DNS Client HKLM\Software\Policies\Microsoft\Windows NT\DNSClient!EnableIdnMapping At least Windows Server 2012 User FALSE Windows Components\Desktop Window Manager HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations At least Windows Vista This policy setting controls the appearance of window animations such as those found when restoring Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowAnimations At least Windows Vista This policy setting controls the appearance of window animations such as those found when restoring User FALSE Windows Components\Desktop Window Manager HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d Windows Server 2008 Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowFlip3d Windows Server 2008 Machine FALSE Windows Components\Desktop Window Manager HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisableAccentGradient At least Windows Server 2012 User FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState Machine FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState User FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges At least Windows Vista This policy setting controls the ability to change the color of window frames. If you enable this policy setting Machine FALSE Windows Components\Desktop Window Manager\Window Frame Coloring HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DisallowColorizationColorChanges At least Windows Vista This policy setting controls the ability to change the color of window frames. If you enable this policy setting User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!misconvlogging At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!SaveAutoTuneDataToFile At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!UseHistorybasedPredictiveInput At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!OpenExtendedDict At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!SearchPlugin At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\shared!UserDict At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!CodeAreaForConversion At least Windows Server 2012 User FALSE Windows Components\IME HKCU\software\policies\microsoft\ime\imejp!ShowOnlyPublishingStandardGlyph At least Windows Server 2012 Machine FALSE \Early Launch Antimalware HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy User FALSE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!TurnOffBackstack At least Windows Server 2012 User FALSE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!DisableMFUTracking At least Windows Server 2012 User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!AppSwitching At least Windows Server 2012 R2 User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!Charms At least Windows Server 2012 R2 User TRUE Windows Components\Edge UI HKCU\Software\Policies\Microsoft\Windows\EdgeUI!WinX At least Windows Server 2012 R2 Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoEncryptOnMove At least Windows 2000 This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!RootHubConnectedEnStorDevices At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!LockDeviceOnMachineLock At least Windows Server 2008 R2 or Windows 7 This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisallowLegacyDiskDevices At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!DisablePasswordAuthentication At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices!TCGSecurityActivationDisabled At least Windows Server 2008 R2 or Windows 7 This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy Machine FALSE System\Enhanced Storage Access HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled Machine FALSE Windows Components\Windows Error Reporting HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL Machine FALSE Windows Components\Windows Error Reporting HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled At least Windows Vista This policy setting turns off Windows Error Reporting Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled At least Windows Vista This policy setting turns off Windows Error Reporting Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontShowUI At least Windows Vista This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled At least Windows Vista This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled At least Windows Vista This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData At least Windows Vista This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData At least Windows Vista This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether Windows Error Reporting (WER) sends additional Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassDataThrottling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether Windows Error Reporting (WER) sends additional User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling At least Windows Server 2012 Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassPowerThrottling At least Windows Server 2012 User FALSE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling At least Windows Server 2012 Machine FALSE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!BypassNetworkCostThrottling At least Windows Server 2012 User TRUE Windows Components\Windows Error Reporting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products Machine TRUE Windows Components\Windows Error Reporting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!AutoApproveOSDumps This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ExclusionList Windows Server 2003 and Windows XP only This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\InclusionList Windows Server 2003 and Windows XP only This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeKernelFaults Windows Server 2003 and Windows XP only This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications At least Windows Vista This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplications At least Windows Vista This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent At least Windows Vista This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent At least Windows Vista This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior At least Windows Vista This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultOverrideBehavior At least Windows Vista This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting User FALSE Windows Components\Windows Error Reporting\Consent HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent At least Windows Vista This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting Machine FALSE Windows Components\Windows Error Reporting\Consent HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent!DefaultConsent At least Windows Vista This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting Machine FALSE HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager At least Windows Vista Machine FALSE HKLM\Software\Policies\Microsoft\Windows\EventLog\EventForwarding!MaxForwardingRate At least Windows Vista Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Application HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Security HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!Enabled At least Windows Vista This policy setting turns on logging.If you enable or do not configure this policy setting Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\Setup HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!AutoBackupLogFiles At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!ChannelAccess At least Windows Vista This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!Retention At least Windows Vista This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!File At least Windows Vista This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting Machine FALSE Windows Components\Event Log Service\System HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize At least Windows Vista This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgram At least Windows XP Professional with SP2 This is the program that will be invoked when the user clicks the events.asp link. Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionProgramCommandLineParameters At least Windows XP Professional with SP2 This specifies the command line parameters that will be passed to the events.asp program Machine FALSE Windows Components\Event Viewer HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftRedirectionURL At least Windows XP Professional with SP2 This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!AlwaysShowClassicMenu At least Windows Vista This policy setting configures File Explorer to always display the menu bar.Note: By default User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreventItemCreationInUsersFilesFolder At least Windows Vista This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TurnOffSPIAnimations At least Windows Vista This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention At least Windows Server 2008 R2 or Windows 7 Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoHeapTerminationOnCorruption At least Windows Vista Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!AdminInfoUrl At least Windows Server 2008 R2 or Windows 7 Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. Machine FALSE Windows Components\Portable Operating System HKLM\Software\Policies\Microsoft\PortableOperatingSystem!Launcher At least Windows Server 2012 Machine FALSE Windows Components\Portable Operating System HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Hibernate At least Windows Server 2012 Machine FALSE Windows Components\Portable Operating System HKLM\System\CurrentControlSet\Policies\Microsoft\PortableOperatingSystem!Sleep At least Windows Server 2012 Machine FALSE Windows Components\File History HKLM\Software\Policies\Microsoft\Windows\FileHistory!Disabled At least Windows Server 2012 Machine FALSE System\Troubleshooting and Diagnostics\Corrupted File Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled Machine FALSE System\File Share Shadow Copy Agent HKLM\Software\Policies\Microsoft\Windows\fssAgent!MaximumShadowCopyAgeInHours At least Windows Server 2012 Machine FALSE System\File Share Shadow Copy Provider HKLM\Software\Policies\Microsoft\Windows\fssProv!EncryptProtocol At least Windows Server 2012 Machine FALSE System\Filesystem HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisableCompression Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisableEncryption Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsEncryptPagingFile Encrypting the page file prevents malicious users from reading data that has been paged to disk Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsDisable8dot3NameCreation These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility Machine FALSE System\Filesystem HKLM\System\CurrentControlSet\Policies!DisableDeleteNotification Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0 Machine FALSE System\Filesystem\NTFS HKLM\System\CurrentControlSet\Policies!NtfsEnableTxfDeprecatedFunctionality TXF deprecated features included savepoints User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths At least Windows Vista This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\NetCache!DisableFRAdminPin At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control whether all redirected shell folders User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder Machine FALSE System\Folder Redirection HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!LocalizeXPRelativePaths At least Windows Vista This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!FolderRedirectionEnableCacheRename At least Windows Server 2012 User FALSE System\Folder Redirection HKCU\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR At least Windows Server 2012 Machine FALSE System\Folder Redirection HKLM\Software\Policies\Microsoft\Windows\System\Fdeploy!PrimaryComputerEnabledFR At least Windows Server 2012 User FALSE Windows Components\File Explorer\Explorer Frame Pane HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPreviewPane At least Windows Vista This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane User FALSE Windows Components\File Explorer\Explorer Frame Pane HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoReadingPane At least Windows Vista Hides the Preview Pane in File Explorer.If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Fault Tolerant Heap HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!DownloadGameInfo At least Windows Vista Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!ListRecentlyPlayed At least Windows Vista Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting Machine FALSE Windows Components\Game Explorer HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions At least Windows Vista Manages download of game update information from Windows Metadata Services.If you enable this setting User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect At least Windows Vista This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!CustomLocalesNoSelect At least Windows Vista This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!BlockUserInputMethodsForSignIn At least Windows Server 2012 User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange At least Windows Vista This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!PreventGeoIdChange At least Windows Vista This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting User FALSE System\Locale Services HKCU\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides At least Windows Vista This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides Machine FALSE System\Locale Services HKLM\Software\Policies\Microsoft\Control Panel\International!PreventUserOverrides At least Windows Vista This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideAdminOptions At least Windows Vista This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideCurrentLocation At least Windows Vista This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideLanguageSelection At least Windows Vista This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!HideLocaleSelectAndCustomize At least Windows Vista This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\MUI\Settings!PreferredUILanguages At least Windows Vista This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\Desktop!PreferredUILanguages At least Windows Vista This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\MUI\Settings!MachineUILock At least Windows Vista This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\Desktop!MultiUILanguageID At least Windows 2000 This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffOfferTextPredictions At least Windows Vista This policy turns off the offer text predictions as I type option. This does not User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffInsertSpace At least Windows Vista This policy turns off the insert a space after selecting a text prediction option. This does not User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffAutocorrectMisspelledWords At least Windows Vista This policy turns off the autocorrect misspelled words option. This does not User FALSE Control Panel\Regional and Language Options HKCU\Software\Policies\Microsoft\Control Panel\International!TurnOffHighlightMisspelledWords At least Windows Vista This policy turns off the highlight misspelled words option. This does not Machine FALSE Control Panel\Regional and Language Options HKLM\Software\Policies\Microsoft\Control Panel\International!BlockCleanupOfUnusedPreinstalledLangPacks At least Windows Server 2012 User FALSE System HKCU\Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax!1 At least Windows 2000 This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly User FALSE Control Panel\Regional and Language Options\Handwriting personalization HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection Machine FALSE Control Panel\Regional and Language Options\Handwriting personalization HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!ProcessTSUserLogonAsync At least Windows Server 2008 This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default Machine TRUE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization Machine TRUE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!ResetDfsClientInfoDuringRefreshPolicy At least Windows Server 2012 Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DisableAOACProcessing At least Windows Server 2012 Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDefaultForDirectAccess At least Windows Server 2012 Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!SlowlinkDefaultToAsync At least Windows Vista This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DisableLGPOProcessing At least Windows Vista This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GpNetworkStartTimeoutPolicyValue At least Windows Vista This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!AllowX-ForestPolicy-and-RUP At least Windows Server 2003 This policy setting allows user-based policy processing Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DenyRsopToInteractiveUser At least Windows Server 2003 operating systems or Windows XP Professional This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DisableAutoADMUpdate Windows Server 2003 Machine FALSE System\Group Policy HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableBkGndGroupPolicy At least Windows 2000 This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!DenyUsersFromMachGP At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!ShowPoliciesOnly At least Windows 2000 This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!DCOption At least Windows 2000 This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate At least Windows 2000 This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!GPODisplayName At least Windows 2000 This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured User FALSE System\Group Policy HKCU\Software\Policies\Microsoft\Windows\Group Policy Editor!NewGPOLinksDisabled At least Windows 2000 This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy!OnlyUseLocalAdminFiles Windows Server 2003 and Windows XP only This policy setting lets you always use local ADM files for the Group Policy snap-in.By default Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!RSoPLogging At least Windows Server 2003 operating systems or Windows XP Professional This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!UserPolicyMode At least Windows 2000 This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\System!CorpConnStartTimeoutPolicyValue At least Windows Server 2012 Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel Machine FALSE System\Group Policy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink Machine FALSE System\Group Policy\Logging and tracing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{6A712058-33C6-4046-BCF9-0EA3A8808EDC}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0DA274B5-EB93-47A7-AAFB-65BA532D3FE6}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{17C6249E-BA57-4F69-AE93-4FB3D25CD9D7}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{1612b55c-243c-48dd-a449-ffc097b19776}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{35141B6B-498A-4cc7-AD59-CEF93D89B2CE}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3BAE7E51-E3F4-41D0-853D-9BB9FD47605F}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3EC4E9D3-714D-471F-88DC-4DD4471AAB47}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{5C935941-A954-4F7C-B507-885941ECE5C4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{79F92669-4224-476c-9C5C-6EFB4D87DF4A}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{9AD2BAFE-63B4-4883-A08C-C3C6196BCAFD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CAB54552-DEEA-4691-817E-ED4A4D1AFC72}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{CF848D48-888D-4F45-B530-6A201E62A605}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{127537A8-C1ED-40BC-9AE5-C5891DF6B2D4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{45B01F1C-5AC2-458c-9457-42A81B34A26D}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!HelpQualifiedRootDir At least Internet Explorer 6 Service Pack 1 This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively User FALSE System HKCU\Software\Policies\Microsoft\Windows\System!DisableInHelp At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DisableInHelp At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows\System!DisableHHDEP At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting Machine FALSE Windows Components\Online Assistance HKLM\Software\Policies\Microsoft\Assistance\Client\1.0!NoActiveHelp At least Windows Vista This policy setting specifies whether active content links in trusted assistance content are rendered. By default User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoExplicitFeedback At least Windows Vista This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoImplicitFeedback At least Windows Vista This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Assistance\Client\1.0!NoOnlineAssist At least Windows Vista This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting Machine FALSE Network\Hotspot Authentication HKLM\Software\Policies\Microsoft\Windows\HotspotAuthentication!Enabled At least Windows Server 2012 User FALSE System\Internet Communication Management HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication Machine FALSE System\Internet Communication Management HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot!DisableRootAutoUpdate At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting At least Windows XP Professional with SP2 This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload At least Windows XP Professional with SP2 This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate Windows Server 2008 Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\EventViewer!MicrosoftEventVwrDisableLinks At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!Headlines At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\HelpSvc!MicrosoftKBSearch At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control!NoRegistration At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!DisableWindowsUpdateAccess At least Windows Server 2003 operating systems Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith Windows Server 2008 Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith Windows Server 2008 User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith At least Windows Server 2012 Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\Explorer!NoUseStoreOpenWith At least Windows Server 2012 User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the tasks "Publish this file to the Web Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether the tasks "Publish this file to the Web User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Messenger\Client!CEIP At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP At least Windows Server 2003 operating systems or Windows XP Professional with SP2 This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\SQMClient\Windows!CEIPEnable At least Windows Vista This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!NoActiveProbe At least Windows Vista This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level Machine FALSE Windows Components\Internet Information Services HKLM\Software\Policies\Microsoft\Windows NT\IIS!PreventIISInstall Windows Server 2003 only "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A} User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{DED22F57-FEE2-11D0-953B-00C04FD9152D} At least Internet Explorer 5.0 Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2D360201-FFF5-11D1-8D03-00A0C959BC0A} At least Internet Explorer 5.0 This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D27CDB6E-AE6D-11CF-96B8-444553540000} At least Internet Explorer 5.0 Designates Shockwave flash as an administrator approved control.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93} User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67} User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} At least Internet Explorer 5.0 Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{D6526FE0-E651-11CF-99CB-00C04FD64497} At least Internet Explorer 5.0 Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{2FF18E10-DE11-11D1-8161-00A0C90DD90C} At least Internet Explorer 5.0 Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{26F24A93-1DA2-11D0-A334-00AA004A5FC5} At least Internet Explorer 5.0 Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{AE24FDAE-03C6-11D1-8B76-0080C744F389} At least Internet Explorer 5.0 Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy User FALSE Windows Components\Internet Explorer\Administrator Approved Controls HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{BD1F006E-174F-11D2-95C0-00C04F9A8CFA} At least Internet Explorer 5.0 Designates Microsoft Survey Control as an administrator approved control.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled At least Internet Explorer 10.0 on Windows 8 This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\FlipAhead!Enabled At least Internet Explorer 10.0 on Windows 8 This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer preemptively loads websites and content in the background User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\PrefetchPrerender!Enabled At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer preemptively loads websites and content in the background Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\DesktopSwipe!Enabled At least Internet Explorer 11.0 This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\DesktopSwipe!Enabled At least Internet Explorer 11.0 This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings!LOCALMACHINE_CD_UNLOCK At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CertificateRevocation At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType At least Internet Explorer 7.0 This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!UseClearType At least Internet Explorer 7.0 This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup At least Internet Explorer 8.0 This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\CaretBrowsing!EnableOnStartup At least Internet Explorer 8.0 This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation At least Internet Explorer 10.0 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation At least Internet Explorer 10.0 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Isolation64Bit At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat At least Internet Explorer 10.0 This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableEPMCompat At least Internet Explorer 10.0 This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack At least Internet Explorer 10.0 This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DoNotTrack At least Internet Explorer 10.0 This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableHttp1_1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxyHttp1.1 At least Internet Explorer 8.0 This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0 At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression User TRUE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableSPDY3_0 At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols At least Internet Explorer 8.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!SecureProtocols At least Internet Explorer 8.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED At least Internet Explorer 7.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableRIED At least Internet Explorer 7.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Download!CheckExeSignatures At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable Browser Extensions At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoWebJITSetup Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!NoUpdateCheck At least Internet Explorer 6.0 in Windows 2003 Service Pack 1. Not supported on Windows Vista This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether software User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Download!RunInvalidSignatures At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether software Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Animations At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Play_Background_Sounds At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Videos Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Internet Explorer\Security\P3Global!Enabled Only Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisableCachingOfSSLPages At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Advanced Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache!Persistent At least Internet Explorer 6.0 in Windows 2003 Service Pack 1 This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Content Page HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor At least Internet Explorer 10.0 This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Content Page HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShowContentAdvisor At least Internet Explorer 10.0 This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Append Completion At least Internet Explorer 7.0 This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!Use AutoComplete Only Internet Explorer 4.0 This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKLM\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry At least Internet Explorer 9.0 This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!GotoIntranetSiteForSingleWordEntry At least Internet Explorer 9.0 This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Disable Script Debugger At least Internet Explorer 7.0 This policy setting allows you to turn on your script debugger User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Friendly http errors At least Internet Explorer 7.0 This policy setting specifies whether User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Page_Transitions Only Internet Explorer 5.0 through Internet Explorer 8.0 This policy setting specifies if User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Error Dlg Displayed On Every Error At least Internet Explorer 7.0 This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!SmoothScroll At least Internet Explorer 7.0 This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Anchor Underline At least Internet Explorer 7.0 This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled At least Internet Explorer 11.0 This policy setting determines whether phone numbers are recognized and turned into hyperlinks User TRUE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FormatDetection!PhoneNumberEnabled At least Internet Explorer 11.0 This policy setting determines whether phone numbers are recognized and turned into hyperlinks User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingChannels Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoAddingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelLogging Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChannelUI Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingScheduleGroups Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from adding User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoEditingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingChannels Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoRemovingSubscriptions Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoScheduledUpdates Only Internet Explorer 5.0 and Internet Explorer 6.0 Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing User FALSE Windows Components\Internet Explorer\Offline Pages HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSubscriptionContent Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing Machine FALSE Windows Components\Internet Explorer\Corporate Settings\Code Download HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!CodeBaseSearchPath At least Internet Explorer 7.0 This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab At least Internet Explorer 5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!AdvancedTab At least Internet Explorer 5.0 Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab At least Internet Explorer 5.0 Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ConnectionsTab At least Internet Explorer 5.0 Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab At least Internet Explorer 5.0 If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ContentTab At least Internet Explorer 5.0 If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab At least Internet Explorer 5.0 Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!GeneralTab At least Internet Explorer 5.0 Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab At least Internet Explorer 5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!PrivacyTab At least Internet Explorer 5.0 Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab At least Internet Explorer 5.0 Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ProgramsTab At least Internet Explorer 5.0 Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab At least Internet Explorer 5.0 Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!SecurityTab At least Internet Explorer 5.0 Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnablePunyCode At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\Mailto!UTF8Encoding At least Internet Explorer 7.0 This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors At least Internet Explorer 7.0 This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" User FALSE Windows Components\Internet Explorer\Internet Control Panel HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!PreventIgnoreCertErrors At least Internet Explorer 7.0 This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" User FALSE Windows Components\Internet Explorer\Internet Settings\URL Encoding HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!UrlEncoding At least Internet Explorer 7.0 This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8) User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Background Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Text Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use_DlgBox_Colors At least Internet Explorer 7.0 This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion!IEAKUpdateUrl At least Internet Explorer 7.0 This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings HKCU\Software\Policies\Microsoft\Internet Connection Wizard!DisableICW At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4 At least Internet Explorer 9.0 This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Security!ENABLE_MD2_MD4 At least Internet Explorer 9.0 This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS User FALSE Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING User FALSE Windows Components\Internet Explorer\Security Features\Consistent Mime Handling HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND User FALSE Windows Components\Internet Explorer\Security Features\Notification bar HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places zone restrictions on each Web page it opens Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN User FALSE Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING User FALSE Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL User FALSE Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING User FALSE Windows Components\Internet Explorer\Security Features\Object Caching Protection HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION User FALSE Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL User FALSE Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD User FALSE Windows Components\Internet Explorer\Security Features\Restrict File Download HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer allows scripts to programmatically open User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!* At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 Internet Explorer allows scripts to programmatically open Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) Machine FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS User FALSE Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 Machine FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 User FALSE Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoCrashDetection At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA At least Internet Explorer 11.0 This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions User TRUE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer!AllowServicePoweredQSA At least Internet Explorer 11.0 This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover At least Internet Explorer 8.0 This policy setting turns off Automatic Crash Recovery.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!AutoRecover At least Internet Explorer 8.0 This policy setting turns off Automatic Crash Recovery.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery!NoReopenLastSession At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExtensionManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders At least Internet Explorer 7.0 This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!AddPolicySearchProviders At least Internet Explorer 7.0 This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus At least Internet Explorer 7.0 This policy setting allows you to turn on or turn off the earlier menus (for example User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus At least Internet Explorer 7.0 This policy setting allows you to turn on or turn off the earlier menus (for example Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\LinksBar!Enabled At least Internet Explorer 8.0 This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!EnableAutoProxyResultCache At least Internet Explorer 5.0 Prevents automatic proxy scripts User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoExternalBranding At least Internet Explorer 5.0 Prevents branding of Internet programs User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Advanced At least Internet Explorer 5.0 Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version At least Internet Explorer 7.0 This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!Version At least Internet Explorer 7.0 This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DialupAutodetect At least Internet Explorer 5.0 Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings At least Internet Explorer 7.0 This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Security!DisableFixSecuritySettings At least Internet Explorer 7.0 This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled Only Internet Explorer 7.0 This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!Enabled Only Internet Explorer 7.0 This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter!EnabledV8 Only Internet Explorer 8.0 This policy setting allows the user to enable the SmartScreen Filter User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!DisablePopupFilterLevel At least Internet Explorer 7.0 This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!DisplayScriptDownloadFailureUI At least Internet Explorer 5.0 Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe At least Internet Explorer 7.0 This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_logging!iexplore.exe At least Internet Explorer 7.0 This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites At least Internet Explorer 5.0 This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer!DisableImportExportFavorites At least Internet Explorer 5.0 This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation At least Internet Explorer 9.0 This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Geolocation!PolicyDisableGeolocation At least Internet Explorer 9.0 This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKLM\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE At least Internet Explorer 10.0 on Windows 8 This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\Add-on Management HKCU\Software\Policies\Microsoft\Internet Explorer!DisableFlashInIE At least Internet Explorer 10.0 on Windows 8 This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled At least Internet Explorer 7.0 This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\ZOOM!ZoomDisabled At least Internet Explorer 7.0 This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Identities!Locked Down Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck At least Internet Explorer 9.0 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!IgnoreFrameApprovalCheck At least Internet Explorer 9.0 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications At least Internet Explorer 9.0 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!DisableAddonLoadTimePerformanceNotifications At least Internet Explorer 9.0 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled At least Internet Explorer 9.0 This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\ActiveXFiltering!IsEnabled At least Internet Explorer 9.0 This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory At least Internet Explorer 7.0 This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteBrowsingHistory At least Internet Explorer 7.0 This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms At least Internet Explorer 7.0 This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeleteForms At least Internet Explorer 7.0 This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords At least Internet Explorer 7.0 This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!DisableDeletePasswords At least Internet Explorer 7.0 This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies At least Internet Explorer 8.0 This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanCookies At least Internet Explorer 8.0 This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory At least Internet Explorer 8.0 This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanHistory At least Internet Explorer 8.0 This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory At least Internet Explorer 9.0 This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanDownloadHistory At least Internet Explorer 9.0 This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF At least Internet Explorer 8.0 This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanTIF At least Internet Explorer 8.0 This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking Only Internet Explorer 8.0 This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!CleanInPrivateBlocking Only Internet Explorer 8.0 This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList At least Internet Explorer 8.0 This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!UseAllowList At least Internet Explorer 8.0 This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit At least Internet Explorer 8.0 This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!ClearBrowsingHistoryOnExit At least Internet Explorer 8.0 This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize At least Internet Explorer 7.0 This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableFirstRunCustomize At least Internet Explorer 7.0 This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu At least Internet Explorer 7.0 This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpMenu At least Internet Explorer 7.0 This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox Only Internet Explorer 7.0 and Internet Explorer 8.0 This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchBox Only Internet Explorer 7.0 and Internet Explorer 8.0 This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal At least Internet Explorer 8.0 This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!ShowSearchSuggestionsGlobal At least Internet Explorer 8.0 This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick Only Internet Explorer 8.0 This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!DisplayQuickPick Only Internet Explorer 8.0 This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoJITSetup Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents Internet Explorer from automatically installing components.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth At least Internet Explorer 8.0 This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!TabProcGrowth At least Internet Explorer 8.0 This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload At least Internet Explorer 9.0 This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ShutdownWaitForOnUnload At least Internet Explorer 9.0 This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow At least Internet Explorer 8.0 This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!NewTabPageShow At least Internet Explorer 8.0 This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Groups At least Internet Explorer 8.0 This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!QuickTabsThreshold Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider At least Internet Explorer 7.0 This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoChangeDefaultSearchProvider At least Internet Explorer 7.0 This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSplash Only Internet Explorer 5.0 Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!Enabled Internet Explorer 7.0 to Internet Explorer 10.0 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow At least Internet Explorer 7.0 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!PopupsUseNewWindow At least Internet Explorer 7.0 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoUpdateCheck Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse At least Internet Explorer 7.0 This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AllowWindowReuse At least Internet Explorer 7.0 This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Outlook Express!BlockExeAttachments Only Internet Explorer 6.0 Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Accessibility At least Internet Explorer 5.0 If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig At least Internet Explorer 5.0 This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Autoconfig At least Internet Explorer 5.0 This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Cache At least Internet Explorer 5.0 Prevents users from changing the browser cache settings User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!CalendarContact At least Internet Explorer 5.0. Not supported on Windows Vista Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Certificates At least Internet Explorer 5.0 Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Check_If_Default Only Internet Explorer 5.0 through Internet Explorer 9.0 Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Check_Associations At least Internet Explorer 10.0 This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Colors At least Internet Explorer 5.0 Prevents users from changing the default Web page colors.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings At least Internet Explorer 5.0 Prevents users from changing dial-up settings.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connwiz Admin Lock At least Internet Explorer 5.0 Prevents users from running the Internet Connection Wizard.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Fonts At least Internet Explorer 5.0 Prevents users from changing font settings.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages At least Internet Explorer 8.0 Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPages At least Internet Explorer 8.0 Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Languages At least Internet Explorer 5.0 Prevents users from changing language preference settings.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!links At least Internet Explorer 5.0 Prevents users from changing the colors of links on Web pages.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Messaging At least Internet Explorer 5.0. Not supported on Windows Vista Prevents users from changing the default programs for messaging tasks.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList At least Internet Explorer 7.0 You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!RestrictPopupExceptionList At least Internet Explorer 7.0 You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPopupManagement At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Profiles Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from changing Profile Assistant settings.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy At least Internet Explorer 5.0 This policy setting specifies if a user can change proxy settings.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Proxy At least Internet Explorer 5.0 This policy setting specifies if a user can change proxy settings.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Ratings At least Internet Explorer 5.0 Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!ResetWebSettings Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from restoring default settings for home and search pages.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Delete Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings Only Internet Explorer 5.0 through Internet Explorer 7.0 This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history User FALSE Windows Components\Internet Explorer\Delete Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!Settings Only Internet Explorer 5.0 through Internet Explorer 7.0 This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest At least Internet Explorer 5.0 This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete!AutoSuggest At least Internet Explorer 5.0 This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKLM\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes At least Internet Explorer 8.0 This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch!EnabledScopes At least Internet Explorer 8.0 This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKLM\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled At least Internet Explorer 10.0 This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\AutoComplete HKCU\Software\Policies\Microsoft\Internet Explorer\DomainSuggestion!Enabled At least Internet Explorer 10.0 This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFindFiles Only Internet Explorer 5.0 and Internet Explorer 6.0 Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoSearchCustomization Only Internet Explorer 5.0 and Internet Explorer 6.0 Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_HKLM_only At least Internet Explorer 5.0 Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_options_edit At least Internet Explorer 5.0 Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!Security_zones_map_edit At least Internet Explorer 5.0 Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoMSAppLogo5ChannelNotify Only Internet Explorer 5.0 and Internet Explorer 6.0 Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly At least Internet Explorer 7.0 This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!UsePolicySearchProvidersOnly At least Internet Explorer 7.0 This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\SQM!DisableCustomerImprovementProgram At least Internet Explorer 7.0. Not supported on Windows Vista This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground At least Internet Explorer 7.0 This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing!OpenInForeground At least Internet Explorer 7.0 This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ProxySettingsPerUser At least Internet Explorer 5.0 Applies proxy settings to all users of the same computer.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120b At least Internet Explorer 8.0 This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1409 At least Internet Explorer 8.0 This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!IntranetName At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving At least Internet Explorer 8.0 This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnBadCertRecving At least Internet Explorer 8.0 This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!ProxyByPass At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!UNCAsIntranet At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect At least Internet Explorer 7.0 This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap!AutoDetect At least Internet Explorer 7.0 This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet At least Internet Explorer 7.0 This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!WarnOnIntranet At least Internet Explorer 7.0 This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2300 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2104 At least Internet Explorer 7.0 This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!120A At least Internet Explorer 7.0 This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1209 At least Internet Explorer 7.0 This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1208 At least Internet Explorer 7.0 This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!160A At least Internet Explorer 7.0 This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2301 At least Internet Explorer 7.0 This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2105 At least Internet Explorer 7.0 This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2103 At least Internet Explorer 7.0 This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2500 At least Internet Explorer 7.0 in Windows Vista This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1806 At least Internet Explorer 7.0 This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2400 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1206 At least Internet Explorer 7.0 This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2600 At least Internet Explorer 7.0 This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2402 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2401 At least Internet Explorer 7.0 This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1406 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1400 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1608 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting TRUE TRUE Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2000 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1809 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1609 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1802 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270B At least Internet Explorer 10.0 This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1803 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1604 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1800 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE8 inclusive This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1C00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage permissions for Java applets.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1804 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A00 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage settings for logon options.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2100 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2708 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2709 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1607 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1A04 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1200 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1405 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting Machine TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls User TRUE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!270C At least Internet Explorer 11.0 This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1201 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1402 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2001 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1E05 Only Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 through IE7 inclusive This policy setting allows you to manage software channel permissions.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1601 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2004 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!1606 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage the preservation of information in the browser's history Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2102 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!2101 At least Internet Explorer 6.0 in Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1 This policy setting allows you to manage whether Web sites from less privileged zones User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Hover At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Anchor Color Visited At least Internet Explorer 7.0 This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users User FALSE Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors HKCU\Software\Policies\Microsoft\Internet Explorer\Settings!Use Anchor Hover Color At least Internet Explorer 7.0 This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserClose At least Internet Explorer 5.0 Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserSaveAs At least Internet Explorer 5.0 Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!NoBrowserSaveWebComplete At least Internet Explorer 5.0 Prevents users from saving the complete contents that are displayed on or run from a Web page User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileNew At least Internet Explorer 5.0 Prevents users from opening a new browser window from the File menu.If this policy is enabled User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFileOpen At least Internet Explorer 5.0 Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemSendFeedback At least Internet Explorer 5.0 Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemNetscapeHelp Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTipOfTheDay Only Internet Explorer 5.0 and Internet Explorer 6.0 Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoHelpItemTutorial At least Internet Explorer 7.0 Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserContextMenu At least Internet Explorer 5.0 This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8 User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoFavorites At least Internet Explorer 5.0 Prevents users from adding User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoOpeninNewWnd At least Internet Explorer 5.0 Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoSelectDownloadDir At least Internet Explorer 5.0 Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy Machine FALSE Windows Components\Internet Explorer\Browser menus HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting At least Internet Explorer 5.0 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoPrinting At least Internet Explorer 5.0 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoBrowserOptions At least Internet Explorer 5.0 Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoTheaterMode At least Internet Explorer 5.0 Prevents users from displaying the browser in full-screen (kiosk) mode User FALSE Windows Components\Internet Explorer\Browser menus HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoViewSource At least Internet Explorer 5.0 Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Enable AutoImageResize At least Internet Explorer 7.0 This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Display Inline Images At least Internet Explorer 7.0 This policy setting specifies whether graphical images are included when pages are displayed.Sometimes Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec At least Internet Explorer 9.0 This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!EnableAlternativeCodec At least Internet Explorer 9.0 This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Show image placeholders At least Internet Explorer 7.0 This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia HKCU\SOFTWARE\Policies\Microsoft\Internet Explorer!SmartDithering At least Internet Explorer 7.0 This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit User FALSE Windows Components\Internet Explorer\Persistence Behavior HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Print_Background At least Internet Explorer 7.0 This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus At least Internet Explorer 7.0 This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!BackgroundSyncStatus At least Internet Explorer 7.0 This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload At least Internet Explorer 7.0 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableEnclosureDownload At least Internet Explorer 7.0 This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove At least Internet Explorer 7.0 This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableAddRemove At least Internet Explorer 7.0 This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled At least Internet Explorer 7.0 This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feed Discovery!Enabled At least Internet Explorer 7.0 This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane At least Internet Explorer 7.0 This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!DisableFeedPane At least Internet Explorer 7.0 This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting Machine FALSE Windows Components\RSS Feeds HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear At least Internet Explorer 8.0 This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting User FALSE Windows Components\RSS Feeds HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds!AllowBasicAuthInClear At least Internet Explorer 8.0 This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!* At least Internet Explorer 7.0 This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!* At least Internet Explorer 7.0 This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) Machine FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt User FALSE Windows Components\Internet Explorer\Application Compatibility\Clipboard access HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch At least Internet Explorer 7.0 This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AutoSearch At least Internet Explorer 7.0 This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKLM\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult At least Internet Explorer 9.0 This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes!TopResult At least Internet Explorer 9.0 This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP At least Internet Explorer 7.0 This policy setting allows the user to run natively implemented User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main!XMLHTTP At least Internet Explorer 7.0 This policy setting allows the user to run natively implemented Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURI!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DEPOff At least Internet Explorer 8.0 This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008 Machine FALSE Windows Components\Internet Explorer\Security Features HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal At least Internet Explorer 10.0 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button User FALSE Windows Components\Internet Explorer\Security Features HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisablePasswordReveal At least Internet Explorer 10.0 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST!iexplore.exe At least Internet Explorer 8.0 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe At least Internet Explorer 10.0 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET!iexplore.exe At least Internet Explorer 10.0 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also Machine FALSE Windows Components\Internet Explorer\Security Features\AJAX HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 10.0 This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Security Features\AJAX HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBSOCKET_MAXCONNECTIONSPERSERVER!iexplore.exe At least Internet Explorer 10.0 This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings HKCU\Software\Policies\Microsoft\IEAK!NoAutomaticSignup At least Internet Explorer 7.0 This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader At least Internet Explorer 7.0 This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions!DisableToolbarUpgrader At least Internet Explorer 7.0 This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled At least Internet Explorer 8.0 This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\IEDevTools!Disabled At least Internet Explorer 8.0 This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoBandCustomize At least Internet Explorer 5.0 Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarCustomize At least Internet Explorer 5.0 Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled At least Internet Explorer 8.0 This policy setting allows you to show or hide the Command bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!CommandBarEnabled At least Internet Explorer 8.0 This policy setting allows you to show or hide the Command bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb At least Internet Explorer 8.0 This policy setting allows you to show or hide the status bar.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Main!StatusBarWeb At least Internet Explorer 8.0 This policy setting allows you to show or hide the status bar.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked At least Internet Explorer 8.0 This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar!Locked At least Internet Explorer 8.0 This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar At least Internet Explorer 8.0 This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowLeftAddressToolbar At least Internet Explorer 8.0 This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption At least Internet Explorer 8.0 This policy setting allows you to choose among three different labels for command buttons: show all text labels User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!TextOption At least Internet Explorer 8.0 This policy setting allows you to choose among three different labels for command buttons: show all text labels Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons At least Internet Explorer 8.0 This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!SmallIcons At least Internet Explorer 8.0 This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Toolbars HKLM\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar At least Internet Explorer 9.0 This policy setting allows you to manage where tabs are displayed.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Toolbars HKCU\Software\Policies\Microsoft\Internet Explorer\MINIE!ShowTabsBelowAddressBar At least Internet Explorer 9.0 This policy setting allows you to manage where tabs are displayed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Interval At least Internet Explorer 7.0 This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools HKLM\Software\Policies\Microsoft\Internet Explorer\Main!Update_Check_Page At least Internet Explorer 7.0 This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt At least Internet Explorer 8.0 This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before User FALSE Windows Components\Internet Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!NoFirsttimeprompt At least Internet Explorer 8.0 This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX!BlockNonAdminActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Windows\AxInstaller!OnlyUseAXISForActiveXInstall At least Internet Explorer 8.0 This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled At least Internet Explorer 8.0 This policy setting controls the Suggested Sites feature User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Suggested Sites!Enabled At least Internet Explorer 8.0 This policy setting controls the Suggested Sites feature Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing At least Internet Explorer 8.0 This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy!EnableInPrivateBrowsing At least Internet Explorer 8.0 This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars At least Internet Explorer 8.0 This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableToolbars At least Internet Explorer 8.0 This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging Only Internet Explorer 8.0 This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableLogging Only Internet Explorer 8.0 This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold Only Internet Explorer 8.0 This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!Threshold Only Internet Explorer 8.0 This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking Only Internet Explorer 8.0 This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableInPrivateBlocking Only Internet Explorer 8.0 This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold At least Internet Explorer 9.0 This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!TrackingProtectionThreshold At least Internet Explorer 9.0 This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However Machine FALSE Windows Components\Internet Explorer\Privacy HKLM\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection At least Internet Explorer 9.0 This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Privacy HKCU\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE!DisableTrackingProtection At least Internet Explorer 9.0 This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall At least Internet Explorer 8.0 This policy setting allows you to add non-default Accelerators.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstall At least Internet Explorer 8.0 This policy setting allows you to add non-default Accelerators.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall At least Internet Explorer 8.0 This policy setting allows you to add default Accelerators.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstall At least Internet Explorer 8.0 This policy setting allows you to add default Accelerators.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities At least Internet Explorer 8.0 This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\Activities!NoActivities At least Internet Explorer 8.0 This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Accelerators HKLM\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly At least Internet Explorer 8.0 This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Accelerators HKCU\Software\Policies\Microsoft\Internet Explorer\Activities\Restrictions!UsePolicyActivitiesOnly At least Internet Explorer 8.0 This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!AllSitesCompatibilityMode Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing At least Internet Explorer 8.0 This policy setting controls the Compatibility View feature User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!DisableSiteListEditing At least Internet Explorer 8.0 This policy setting controls the Compatibility View feature Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode At least Internet Explorer 8.0 This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!IntranetCompatibilityMode At least Internet Explorer 8.0 This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\CommandBar!ShowCompatibilityViewButton Internet Explorer 8.0 to Internet Explorer 10.0 This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList At least Internet Explorer 8.0 This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyList At least Internet Explorer 8.0 This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList At least Internet Explorer 8.0 Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\QuirksPolicyList At least Internet Explorer 8.0 Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Compatibility View HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode At least Internet Explorer 8.0 This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Compatibility View HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation!MSCompatibilityMode At least Internet Explorer 8.0 This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode At least Internet Explorer 9.0 This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed User FALSE Windows Components\Internet Explorer HKCU\Software\Policies\Microsoft\Internet Explorer\Main!DisableAddSiteMode At least Internet Explorer 9.0 This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage!DefaultDomainCacheLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases At least Internet Explorer 10.0 This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!AllowWebsiteDatabases At least Internet Explorer 10.0 This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\IndexedDB!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches At least Internet Explorer 10.0 This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!AllowWebsiteCaches At least Internet Explorer 10.0 This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!MaxTrustedDomainLimitInMB At least Internet Explorer 10.0 This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!TotalLimitInMB At least Internet Explorer 10.0 This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays At least Internet Explorer 10.0 This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!GarbageCollectionThresholdInDays At least Internet Explorer 10.0 This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota At least Internet Explorer 10.0 This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestResourceQuota At least Internet Explorer 10.0 This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB At least Internet Explorer 10.0 This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page\Browsing History HKCU\Software\Policies\Microsoft\Internet Explorer\BrowserStorage\AppCache!ManifestSingleResourceQuotaInMB At least Internet Explorer 10.0 This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page HKLM\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled At least Internet Explorer 10.0 This policy setting configures what Internet Explorer displays when a new browsing session is started. By default User FALSE Windows Components\Internet Explorer\Internet Control Panel\General Page HKCU\Software\Policies\Microsoft\Internet Explorer\ContinuousBrowsing!Enabled At least Internet Explorer 10.0 This policy setting configures what Internet Explorer displays when a new browsing session is started. By default Machine FALSE Windows Components\Internet Explorer\Internet Settings HKLM\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation At least Internet Explorer 10.0 on Windows 8 This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Settings HKCU\Software\Policies\Microsoft\Internet Explorer\Main!ApplicationTileImmersiveActivation At least Internet Explorer 10.0 on Windows 8 This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Settings HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode At least Internet Explorer 10.0 on Windows 8 This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide User FALSE Windows Components\Internet Explorer\Internet Settings HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AssociationActivationMode At least Internet Explorer 10.0 on Windows 8 This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide Machine FALSE Windows Components\Internet Explorer HKLM\Software\Policies\Microsoft\Internet Explorer\Main!EnableAutoUpgrade At least Internet Explorer 10.0 This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports At least Windows Vista Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports!PreventHandwritingErrorReports At least Windows Vista Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureiSNSServers At least Windows Vista If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargetPortals At least Windows Vista If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!ConfigureTargets At least Windows Vista If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. Machine FALSE System\iSCSI\iSCSI Target Discovery HKLM\Software\Policies\Microsoft\Windows\iSCSI!NewStaticTargets At least Windows Vista If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. Machine FALSE System\iSCSI\General iSCSI HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeIQNName At least Windows Vista If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. Machine FALSE System\iSCSI\General iSCSI HKLM\Software\Policies\Microsoft\Windows\iSCSI!RestrictAdditionalLogins At least Windows Vista If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established. Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!ChangeCHAPSecret At least Windows Vista If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireIPSec At least Windows Vista If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireMutualCHAP At least Windows Vista If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. Machine FALSE System\iSCSI\iSCSI Security HKLM\Software\Policies\Microsoft\Windows\iSCSI!RequireOneWayCHAP At least Windows Vista If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EmitLILI At least Windows Vista This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch TRUE Machine FALSE System\KDC HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!KdcValidation At least Windows Vista This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!StrictTargetContext At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!NoRevocationCheck At least Windows Server 2012 Machine FALSE System\Kerberos HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!RequireFast At least Windows Server 2012 Machine FALSE System\Kerberos HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled Machine FALSE System\Kerberos HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize TRUE Machine FALSE Network\Lanman Server HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashPublicationForPeerCaching At least Windows Server 2008 R2 or Windows 7 This policy setting specifies whether a hash generation service generates hashes Machine FALSE Network\Lanman Server HKLM\Software\Policies\Microsoft\Windows\LanmanServer!HashSupportVersion At least Windows Server 2012 Machine FALSE System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled Machine FALSE Network\Link-Layer Topology Discovery HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO Machine FALSE Network\Link-Layer Topology Discovery HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr Machine FALSE Windows Components\Location and Sensors\Windows Location Provider HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableWindowsLocationProvider At least Windows Server 2012 User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRun At least Windows 2000 This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRun At least Windows 2000 This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableCurrentUserRunOnce At least Windows 2000 This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce At least Windows 2000 This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonType At least Windows Server 2003 operating systems or Windows XP Professional This policy setting forces the user to log on to the computer using the classic logon screen. By default Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen Windows 2000 only This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting User FALSE System\Logon HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run At least Windows 2000 This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run At least Windows 2000 This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon!SyncForegroundPolicy At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether Group Policy processing is synchronous (that is Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStatusMessages Windows Server 2003 User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWelcomeScreen Windows 2000 only This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!VerboseStatus At least Windows 2000 This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideFastUserSwitching At least Windows Vista This policy setting allows you to hide the Switch User interface in the Logon UI Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableStartupSound At least Windows Vista This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup Machine FALSE System\Logon HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableFirstLogonAnimation At least Windows Server 2012 Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!UseOEMBackground Windows Server 2008 R2 and Windows 7 This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!DontEnumerateConnectedUsers At least Windows Server 2012 Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!EnumerateLocalUsers At least Windows Server 2012 Machine FALSE System\Logon HKLM\Software\Policies\Microsoft\Windows\System!DisableLockScreenAppNotifications At least Windows Server 2012 User FALSE Windows Components\Windows Media Center HKCU\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter At least Windows Vista This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos Machine FALSE Windows Components\Windows Media Center HKLM\Software\Policies\Microsoft\WindowsMediaCenter!MediaCenter At least Windows Vista This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos User FALSE Windows Components\Microsoft Management Console HKCU\Software\Policies\Microsoft\MMC!RestrictAuthorMode At least Windows 2000 Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode User FALSE Windows Components\Microsoft Management Console HKCU\Software\Policies\Microsoft\MMC!RestrictToPermittedSnapins At least Windows 2000 Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B708457E-DB61-4C55-A92F-0D4B5E9B1224}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C96401CF-0E17-11D3-885B-00C04F72C717}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C96401D1-0E17-11D3-885B-00C04F72C717}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional Permits or prohibits use of this snap-in.If you enable this setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{1AA7F83C-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{1F5EEC01-1214-4D94-80C5-4BDCD2014DDD}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{3F276EB4-70EE-11D1-8A0F-00C04FB93753}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE450B-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{9EC88934-C774-11d1-87F4-00C04FC2C17B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90087284-d6d6-11d0-8353-00a0c90640bf}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4502-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{634BDE40-E5E1-49A1-B2CD-140FFFC830F9}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{2E19B602-48EB-11d2-83CA-00104BCA42CF}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4508-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4500-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90810502-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90810500-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{90810504-38F1-11D1-9345-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{6E8E0081-19CD-11D1-AD91-00AA00B8E05A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{6d8880af-e518-43a8-986c-1ad21c4c976e}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4506-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{34AB8E82-C27E-11D1-A6C0-00C04FB94F17}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B52C1E50-1DD2-11D1-BC43-00C04FC31FD3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{5880CD5C-8EC0-11d1-9570-0060B0576642}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{243E20B0-48ED-11D2-97DA-00A024D77700}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{C2FE4504-D6C2-11D0-A37B-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{DAB1A262-4FD7-11D1-842C-00C04FB6C218}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{B1AFF7D0-0C49-11D1-BB12-00C04FC9A3A3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{BD95BA60-2E26-AAD1-AD99-00AA00B8E05A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C69-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{03f1f940-a0f2-11d0-bb77-00aa00a1eab7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{7AF60DD3-4979-11D1-8A6C-00C04FC33566}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{D70A2BEA-A63E-11D1-A7D4-0000F87571E3}!Restrict_Run Windows Server 2003 User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{6DC3804B-7212-458D-ADB0-9A07E2AE1FA2}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA0-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4ecb-66b2-44e8-9915-be02e84438ba}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{3060E8CE-7020-11D2-842D-00C04FA372D4}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B6664F-4972-11D1-A7CA-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66650-4972-11D1-A7CA-0000F87571E3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{942A8E4F-A261-11D1-A760-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{BACF5C8A-A3C7-11D1-A760-00C04FB9603F}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{06993B16-A5C7-47EB-B61C-B1CB7EE600AC}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{2DA6AA7F-8C88-4194-A558-0D36E7FD3E64}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AE-EF3A-41C8-A911-37370C331DD4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{B6F9C8AF-EF3A-41C8-A911-37370C331DD4}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{c40d66a0-e90c-46c6-aa3b-473e38c72bf2}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{d524927d-6c08-46bf-86af-391534d779d3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66660-4972-11d1-A7CA-0000F87571E3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{40B66661-4972-11d1-A7CA-0000F87571E3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{fe883157-cebd-4570-b7a2-e4fe06abe626}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{7E45546F-6D52-4D10-B702-9C2E67232E62}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions HKCU\Software\Policies\Microsoft\MMC\{1BC972D6-555C-4FF7-BE2C-C584021A0A6A}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{EBC53A38-A23F-11D0-B09B-00C04FD8DCA6}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{D967F824-9968-11D0-B936-00C04FD8D5B0}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{E355E538-1C2E-11D0-8C37-00C04FD8FE93}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{1C5DACFA-16BA-11D2-81D0-0000F87A7AA3}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{de751566-4cc6-11d1-8ca0-00c04fc297eb}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{53D6AB1D-2488-11D1-A28C-00C04FB94F17}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{A994E107-6854-4F3D-917C-E6F01670F6D3}!Restrict_Run At least Windows Server 2003 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{C9BC92DF-5B9A-11D1-8F00-00C04FC2C17B}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{74246bfc-4c96-11d0-abef-0020af6b0b7a}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{677A2D94-28D9-11D1-A95B-008048918FB1}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{43668E21-2636-11D1-A1CE-0080C88593A5}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{8EAD3A12-B2C1-11d0-83AA-00A0C92C9D5D}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{D2779945-405B-4ACE-8618-508F3E3054AC}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{753EDB4D-2E1B-11D1-9064-00A0C90AB504}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{FF5903A8-78D6-11D1-92F6-006097B01056}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{89cc9588-7628-4d29-8e4a-6550d0087059}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{8F8F8DC0-5713-11D1-9551-0060B0576642}!Restrict_Run Windows Server 2003 only This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{A841B6C2-7577-11D0-BB1F-00A0C922E79C}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{95AD72F0-44CE-11D0-AE29-00AA004B9986}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{DEA8AFA2-CC85-11d0-9CE2-0080C7221EBD}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{57C596D0-9370-40C0-BA0D-AB491B63255D}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{a1bc4eca-66b2-44e8-9915-be02e84438ba}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{18BA7139-D98B-43c2-94DA-2604E34E175D}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{6630f2d7-bd52-4072-bfa7-863f3d0c5da0}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{7478EF61-8C46-11d1-8D99-00A0C913CAD4}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{FD57D297-4FD9-11D1-854E-00C04FC31FD3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{3D5D035E-7721-4B83-A645-6C07A3D403B7}!Restrict_Run At least Windows Server 2003 operating systems or Windows XP Professional This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{1AA7F839-C7F5-11D0-A376-00C04FC9DA04}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{3CB6973D-3E6F-11D0-95DB-00A024D77700}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{011BE22D-E453-11D1-945A-00C04FB984F9}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5ADF5BF6-E452-11D1-945A-00C04FB984F9}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{18ea3f92-d6aa-41d9-a205-2023400c8fbb}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{58221C65-EA27-11CF-ADCF-00AA00A80033}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{45ac8c63-23e2-11d1-a696-00c04fd58bc3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{E26D02A0-4C1F-11D1-9AA1-00C04FC3357A}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{B91B6008-32D2-11D2-9888-00A0C925F917}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{7d3830aa-e69e-4e17-8bd1-1b87b97099da}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}!Restrict_Run At least Windows Vista This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{23DC5869-BD9F-46fd-AADD-1F869BA64FC3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\{5C659257-E236-11D2-8899-00104B2AFB46}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{9FE24B92-C23D-451c-8045-73038D99E620}!Restrict_Run At least Windows Server 2008 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy HKCU\Software\Policies\Microsoft\MMC\{C11D2F3B-E2F4-4e5b-824B-84A87AB0F666}!Restrict_Run At least Windows Server 2008 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc35-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{317cdc37-c09e-486f-ab09-90dd2e3fdd7d}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\{dbfca500-8c31-11d0-aa2c-00a0c92749a3}!Restrict_Run At least Windows 2000 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{813C1B01-6624-4922-9C6C-03C315646584}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f9f63d92-6225-410b-bb02-26239b8f1f59}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{671ee405-c969-4af9-ad1b-65e96b3b9a10}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f78fbadd-c21a-4e0a-b53d-c879a9c8f002}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46c-1297-4474-9cdf-831ebb245f49}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins HKCU\Software\Policies\Microsoft\MMC\FX:{f8abd46e-1297-4474-9cdf-831ebb245f49}!Restrict_Run At least Windows Server 2003 R2 This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting User FALSE Windows Components\Windows Mobility Center HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter At least Windows Vista This policy setting turns off Windows Mobility Center.If you enable this policy setting Machine FALSE Windows Components\Windows Mobility Center HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenter!NoMobilityCenter At least Windows Vista This policy setting turns off Windows Mobility Center.If you enable this policy setting User FALSE Windows Components\Presentation Settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings At least Windows Vista This policy setting turns off Windows presentation settings.If you enable this policy setting Machine FALSE Windows Components\Presentation Settings HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings!NoPresentationSettings At least Windows Vista This policy setting turns off Windows presentation settings.If you enable this policy setting Machine FALSE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Activation Boundary This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting Machine TRUE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized Machine FALSE Windows Components\Maintenance Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!WakeUp This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled Machine FALSE System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!DisableQueryRemoteServer At least Windows Server 2008 R2 or Windows 7 This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownBrowse At least Windows 2000 This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownMedia At least Windows 2000 This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AllowLockdownPatch At least Windows 2000 This policy setting allows users to patch elevated products.If you enable this policy setting User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated At least Windows 2000 This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!AlwaysInstallElevated At least Windows 2000 This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableAutomaticApplicationShutdown Windows Installer v4.0 This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableBrowse At least Windows 2000 This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableFlyweightPatching Windows Installer v3.0 This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLoggingFromPackage Windows Installer v4.0 This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!DisableMedia At least Windows 2000 This policy setting prevents users from installing any programs from removable media.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableMSI At least Windows 2000 This policy setting restricts the use of Windows Installer.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatch At least Windows 2000 This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!DisableRollback At least Windows 2000 This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableRollback At least Windows 2000 This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!EnableUserControl At least Windows 2000 This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableLUAPatching Windows Installer v3.0 This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisablePatchUninstall Windows Installer v3.0 This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!LimitSystemRestoreCheckpointing At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableUserInstalls Microsoft Windows XP or Windows 2000 with Windows Installer v2.0 This policy setting allows you to configure user installs. To configure this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!EnforceUpgradeComponentRules Windows Installer v3.0 This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!MaxPatchCacheSize Windows Installer v3.0 This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!Logging At least Windows 2000 Specifies the types of events that Windows Installer records in its transaction log for each installation. The log Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!SafeForScripting At least Windows 2000 This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting User FALSE Windows Components\Windows Installer HKCU\Software\Policies\Microsoft\Windows\Installer!SearchOrder At least Windows 2000 This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!TransformsSecure At least Windows 2000 This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!DisableSharedComponent This policy setting controls the ability to turn off shared components.If you enable this policy setting Machine FALSE Windows Components\Windows Installer HKLM\Software\Policies\Microsoft\Windows\Installer!MsiDisableEmbeddedUI This policy setting controls the ability to prevent embedded UI.If you enable this policy setting Machine FALSE Windows Components\Network Access Protection HKLM\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Qecs\79620!Enabled At least Windows XP Professional with SP2 This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!SupportEmail Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!FriendlyName Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!ShowUI Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!NamePreferenceAllowed Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant!PassiveMode Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\Probes!Probe Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\DTEs!DTE Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default Machine FALSE \DirectAccess Client Experience Settings HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityAssistant\CustomCommands!CustomCommand Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!WebProbeUrl At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the URL of the corporate website Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeHost At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DnsProbeContent At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!SitePrefixes At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivity!DomainLocationDeterminationUrl At least Windows Server 2008 R2 or Windows 7 This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. Machine FALSE Network\Network Connectivity Status Indicator HKLM\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator!DisablePassivePolling At least Windows Server 2012 Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidPdcOnWan At least Windows Server 2003 operating systems or Windows XP Professional This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryInitialPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryMaximumPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundRetryQuitTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!BackgroundSuccessfulRefreshPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!dbFlag At least Windows Server 2003 This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ExpectedDialupDelay At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!MaximumLogFileSize At least Windows Server 2003 This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NegativeCachePeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveScriptsShareAccess At least Windows Server 2003 This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NonBackgroundSuccessfulRefreshPeriod At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ScavengeInterval At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteName At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowExclusiveSysvolShareAccess At least Windows Server 2003 This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowSingleLabelDnsDomain At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default TRUE Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AutoSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsAvoidRegisterRecords At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsRefreshInterval At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!DnsTtl At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!GcSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvPriority At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!LdapSrvWeight At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!NdncSiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!SiteCoverage At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!UseDynamicDns At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!TryNextClosestSite At least Windows Vista This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!ForceRediscoveryInterval At least Windows Vista This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressTypeReturned At least Windows Vista This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6 Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AllowNT4Crypto At least Windows Vista This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!IgnoreIncomingMailslotMessages At least Windows Vista This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AvoidFallbackNetbiosDiscovery At least Windows Server 2012 Machine FALSE System\Net Logon\DC Locator DNS Records HKLM\Software\Policies\Microsoft\Netlogon\Parameters!AddressLookupOnPingBehavior At least Windows Server 2012 Machine FALSE System\Net Logon HKLM\Software\Policies\Microsoft\Netlogon\Parameters!PingUrgencyMode At least Windows Server 2012 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AddRemoveComponents Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AdvancedSettings Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowAdvancedTCPIPConfig Microsoft Windows Server 2003 Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowNetBridge_NLA At least Windows Server 2003 operating systems or Windows XP Professional Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_ChangeBindState Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteAllUserConnection Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DeleteConnection At least Windows 2000 Service Pack 1 Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_DialupPrefs At least Windows 2000 Service Pack 1 Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_EnableAdminProhibits Windows Server 2003 and Windows XP only Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_IpStateChecking Microsoft Windows XP Professional with SP2 and Windows Server 2003 family only This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanChangeProperties Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanConnect Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_LanProperties At least Windows 2000 Service Pack 1 Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_NewConnectionWizard Microsoft Windows Server 2003 Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_PersonalFirewallConfig Windows Server 2003 and Windows XP only Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasAllUserProperties At least Windows 2000 Service Pack 1 Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasChangeProperties Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasConnect At least Windows 2000 Service Pack 1 Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RasMyProperties At least Windows 2000 Service Pack 1 Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameAllUserRasConnection Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameConnection Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameLanConnection Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_RenameMyRasConnection At least Windows 2000 Service Pack 1 Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_ShowSharedAccessUI Microsoft Windows Server 2003 User FALSE Network\Network Connections HKCU\Software\Policies\Microsoft\Windows\Network Connections!NC_Statistics Microsoft Windows Server 2003 Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_StdDomainUserSetLocation At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_DoNotShowLocalOnlyIcon At least Windows Server 2008 R2 or Windows 7 Specifies whether or not the "local access only" network icon will be shown.When enabled Machine FALSE Network\Network Connections HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Force_Tunneling At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainProxies At least Windows Server 2012 Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainLocalProxies At least Windows Server 2012 Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DomainSubnets At least Windows Server 2012 Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DProxiesAuthoritive At least Windows Server 2012 Machine FALSE Network\Network Isolation HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation!DSubnetsAuthoritive At least Windows Server 2012 User FALSE Windows Components\Network Projector HKCU\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector At least Windows Vista This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting Machine FALSE Windows Components\Network Projector HKLM\Software\Policies\Microsoft\NetworkProjector!DisableNetworkProjector At least Windows Vista This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting Machine FALSE Windows Components\Network Projector HKLM\Software\Policies\Microsoft\NetworkProjector!NetworkProjectionPortNo At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!AlwaysPinSubFolders Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders At least Windows 2000 This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders At least Windows 2000 This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\CustomGoOfflineActions Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!DefCacheSize Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!Enabled At least Windows 2000 This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EncryptCache At least Windows Server 2003 operating systems Service Pack 1 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EventLoggingLevel Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludeExtensions Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!GoOfflineAction Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoCacheViewer Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoConfigCache Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline At least Windows 2000 This policy setting prevents users from making network files and folders available offline.If you enable this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoMakeAvailableOffline At least Windows 2000 This policy setting prevents users from making network files and folders available offline.If you enable this policy setting User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache\NoMakeAvailableOfflineList At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!NoReminders Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!NoReminders Windows Server 2003 TRUE User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderFreqMinutes Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!InitialBalloonTimeoutSeconds Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ReminderBalloonTimeoutSeconds Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkSpeed Windows XP Professional only Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogoff Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtLogon Windows Server 2003 User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncAtSuspend Windows Server 2003 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!EconomicalAdminPinning At least Windows Vista This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!OnlineCachingLatencyThreshold At least Windows Server 2008 R2 or Windows 7 This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!ExcludedFileTypes At least Windows Server 2008 R2 or Windows 7 This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting User FALSE Network\Offline Files HKCU\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled At least Windows Server 2012 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!WorkOfflineDisabled At least Windows Server 2012 Machine FALSE Network\Offline Files HKLM\Software\Policies\Microsoft\Windows\NetCache!SyncEnabledForCostedNetwork At least Windows Server 2012 Machine FALSE Network\Microsoft Peer-to-Peer Networking Services HKLM\Software\policies\Microsoft\Peernet!Disabled At least Windows XP Professional with SP2 This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal!SeedServer At least Windows XP Professional with SP2 This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!DisableMulticastBootstrap At least Windows XP Professional with SP2 This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!Disabled At least Windows XP Professional with SP2 This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SearchOnly At least Windows XP Professional with SP2 This policy setting limits a node to resolving Machine FALSE Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal!SeedServer At least Windows XP Professional with SP2 This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol Machine FALSE Network\Microsoft Peer-to-Peer Networking Services HKLM\Software\policies\Microsoft\Peernet!IgnoreDomainPasswordPolicyForNewGroups At least Windows Vista By default Machine FALSE Windows Components\Family Safety HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ParentalControls!WPCEnableOnDomain At least Windows Vista This policy setting allows you to configure the Family Safety feature.If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisablePcaUI At least Windows Server 2012 Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service!Enable At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\Republication!SizePercent At least Windows 7 or Windows Server 2008 R2* This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Connection!Location At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching!Enable At least Windows 7 or Windows Server 2008 R2* This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy Machine FALSE Network\BranchCache HKLM\Software\Policies\Microsoft\Windows\NetCache!PeerCachingLatencyThreshold At least Windows Server 2008 R2 or Windows 7 This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\Discovery!SCPDiscoveryEnabled At least Windows Server 2012 Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Service\Versioning!PreferredContentInformationVersion At least Windows Server 2012 Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\MultipleServers At least Windows Server 2012 Machine FALSE Network\BranchCache HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Retrieval!SegmentTTL At least Windows Server 2012 User FALSE Windows Components\Tablet PC\Tablet PC Pen Training HKCU\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining Windows Vista only Turns off Tablet PC Pen Training.If you enable this policy setting Machine FALSE Windows Components\Tablet PC\Tablet PC Pen Training HKLM\SOFTWARE\Policies\Microsoft\PenTraining!DisablePenTraining Windows Vista only Turns off Tablet PC Pen Training.If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled Machine FALSE System\Troubleshooting and Diagnostics\Windows Performance PerfTrack HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469!DCSettingIndex At least Windows Vista This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170a!DCSettingIndex At least Windows Vista This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258!DCSettingIndex At least Windows Vista This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!ACSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!ACSettingIndex Windows Vista only This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EB!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936!DCSettingIndex At least Windows Vista This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting Machine FALSE System\Power Management\Button Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A7066653-8D6C-40A8-910E-A1F54B84C7E5!DCSettingIndex Windows Vista only This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting Machine FALSE System\Power Management\Hard Disk Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!ACSettingIndex At least Windows Vista This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting Machine FALSE System\Power Management\Hard Disk Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756E!DCSettingIndex At least Windows Vista This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting Machine FALSE System\Power Management HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme At least Windows Vista This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg Machine FALSE System\Power Management HKLM\Software\Policies\Microsoft\Power\PowerSettings!ActivePowerScheme At least Windows Vista This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan User FALSE System\Power Management HKCU\Software\Policies\Microsoft\Windows\System\Power!PromptPasswordOnResume Windows Server 2003 Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!ACSettingIndex At least Windows Vista This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!ACSettingIndex At least Windows Vista This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!ACSettingIndex At least Windows Vista This policy setting allows you to turn off hybrid sleep.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1!DCSettingIndex At least Windows Vista This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51!DCSettingIndex At least Windows Vista This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47e!DCSettingIndex At least Windows Vista This policy setting allows you to turn off hybrid sleep.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!ACSettingIndex At least Windows Vista This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335B!DCSettingIndex At least Windows Vista This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!ACSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E!DCSettingIndex At least Windows Vista This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!ACSettingIndex At least Windows Vista This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab!DCSettingIndex At least Windows Vista This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT!DontPowerOffAfterShutdown At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04d!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting Machine FALSE System\Power Management\Video and Display Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!ACSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting Machine FALSE System\Power Management\Sleep Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting Machine FALSE System\Power Management\Notification Settings HKLM\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00!DCSettingIndex At least Windows Server 2008 R2 or Windows 7 This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging Machine FALSE \Windows PowerShell HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath User FALSE \Windows PowerShell HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableBackupRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage Supported Windows Vista through Windows 7 This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalPage Supported Windows Vista through Windows 7 This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableLocalRestore Supported Windows Vista through Windows 7 This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage At least Windows Vista This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemotePage At least Windows Vista This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore At least Windows Vista This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!DisableRemoteRestore At least Windows Vista This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting User FALSE Windows Components\File Explorer\Previous Versions HKCU\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries Supported Windows Vista through Windows 7 This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Machine FALSE Windows Components\File Explorer\Previous Versions HKLM\Software\Policies\Microsoft\PreviousVersions!HideBackupEntries Supported Windows Vista through Windows 7 This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPrinting Windows 2000 only Internet printing lets you display printers on Web pages so that printers can be viewed Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ApplicationDriverIsolation At least Windows Server 2012 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!SupportLink Windows Server 2003 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Downlevel Browse At least Windows 2000 Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceCSREMFDespooling At least Windows Vista When printing through a print server Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ForceSoftwareRasterization At least Windows Server 2012 User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Printers Page URL Windows Server 2003 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!KMPrintersAreBlocked Windows Server 2003 User FALSE Control Panel\Printers HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAddPrinter At least Windows 2000 Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled User FALSE Control Panel\Printers HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDeletePrinter At least Windows 2000 If this policy setting is enabled Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly Windows Server 2008 and Windows Vista This policy restricts clients computers to use package point and print only.If this setting is enabled User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintOnly At least Windows Vista This policy restricts clients computers to use package point and print only.If this setting is enabled Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocation At least Windows 2000 If this policy setting is enabled Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PhysicalLocationSupport At least Windows 2000 Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted User FALSE Control Panel\Printers HKCU\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Default Search Scope At least Windows 2000 Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!ServerThread At least Windows 2000 Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationExecutionPolicy At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PrintDriverIsolationOverrideCompat At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!V4DriverDisallowPrinterExtension At least Windows Server 2012 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!MXDWUseLegacyOutputFormatMSXPS At least Windows Server 2012 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!RegisterSpoolerRemoteRpcEndPoint At least Windows Server 2003 This policy controls whether the print spooler will accept client connections.When the policy is unconfigured Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!Auto Publishing Windows Server 2003 Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruneDownlevel At least Windows 2000 Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningInterval At least Windows 2000 Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningPriority At least Windows 2000 Sets the priority of the pruning thread. The pruning thread Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetries At least Windows 2000 Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PruningRetryLog At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!PublishPrinters At least Windows 2000 Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!VerifyPublishedState At least Windows 2000 Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default Machine FALSE Printers HKLM\Software\Policies\Microsoft\Windows NT\Printers!Immortal At least Windows 2000 Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsCPL At least Windows Vista This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoProgramsAndFeatures At least Windows Vista This setting prevents users from accessing "Programs and Features" to view User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoInstalledUpdates At least Windows Vista This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoDefaultPrograms At least Windows Vista This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsMarketplace Windows Vista only This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoGetPrograms At least Windows Vista Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View User FALSE Control Panel\Programs HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Programs!NoWindowsFeatures At least Windows Vista This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!LoggingLevel At least Windows Server 2008 This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!SNISPasswordSyncEnable At least Windows Server 2008 This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting Machine FALSE Windows Components\Password Synchronization HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\DSCP value of non-conforming packets HKLM\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!MaxOutstandingSends At least Windows Server 2003 operating systems or Windows XP Professional Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!NonBestEffortLimit At least Windows Server 2003 operating systems or Windows XP Professional Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Machine FALSE Network\QoS Packet Scheduler HKLM\Software\Policies\Microsoft\Windows\Psched!TimerResolution At least Windows Server 2003 operating systems or Windows XP Professional Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeBestEffort At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeControlledLoad At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeGuaranteed At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNetworkControl At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeNonConforming At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Network\QoS Packet Scheduler\Layer-2 priority value HKLM\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping!ServiceTypeQualitative At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Machine FALSE Windows Components\Windows Reliability Analysis HKLM\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMI!WMIEnable At least Windows Server 2008 R2 or Windows 7 This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel Machine FALSE System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled Machine FALSE System\Recovery HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRE!DisableSetup Windows Server 2008 R2 and Windows 7 Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled Machine FALSE Windows Components\Windows Error Reporting\Advanced Error Reporting Settings HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!IncludeShutdownErrs Windows Server 2003 only This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!SnapShot Windows Server 2003 only This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!LoggingEnabled At least Windows Vista This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!CreateEncryptedOnlyTickets At least Windows Vista This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp Machine FALSE System\Remote Assistance HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Floppy Drives removable storage class Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Floppy Drives removable storage class User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Floppy Drives removable storage class Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Floppy Drives removable storage class Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the Floppy Drives removable storage class User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to removable disks.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to removable disks.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to removable disks.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to removable disks.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to removable disks.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All At least Windows Vista Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!Deny_All At least Windows Vista Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Read At least Windows Vista This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Write At least Windows Vista This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}!Deny_Execute At least Windows Server 2008 R2 or Windows 7 This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read User FALSE System\Removable Storage Access HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write Machine FALSE System\Removable Storage Access HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!AllowRemoteDASD At least Windows Vista This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution At least Windows XP Professional with SP2 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!MinimumConnectionTimeout At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients At least Windows XP Professional with SP2 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting Machine FALSE System\Remote Procedure Call HKLM\Software\Policies\Microsoft\Windows NT\Rpc!StateInformation At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the RPC Runtime maintains RPC state information for the system Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!MaxGPOScriptWait At least Windows 2000 This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLegacyLogonScripts At least Windows 2000 This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogoffScripts At least Windows 2000 This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync At least Windows 2000 This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunLogonScriptSync At least Windows 2000 This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting User FALSE System\Scripts HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideLogonScripts At least Windows 2000 This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default TRUE TRUE TRUE Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideShutdownScripts At least Windows 2000 This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!RunStartupScriptSync At least Windows 2000 This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!HideStartupScripts At least Windows 2000 This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default Machine FALSE System\Scripts HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!Allow-LogonScript-NetbiosDisabled At least Windows Vista This policy setting allows user logon scripts to run when the logon cross-forest Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!ValidateTrust At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics!EnableDiagnostics At least Windows Server 2008 R2 or Windows 7 This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting Machine FALSE System\Troubleshooting and Diagnostics\Scripted Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!EnableQueryRemoteServer At least Windows Server 2008 R2 or Windows 7 This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states Machine FALSE System\Troubleshooting and Diagnostics\Scheduled Maintenance HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!HideUNCTab Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowIndexingEncryptedStoresOrItems Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableBackoff Any version of Microsoft Windows with Windows Search 4.0 or later If enabled Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventRemoteQueries Any version of Microsoft Windows with Windows Search 4.0 or later If enabled Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexOnBattery Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations Microsoft Windows XP User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventModifyingIndexedLocations Any version of Microsoft Windows with Windows Search 4.0 or later If enabled Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AllowUsingDiacritics Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AlwaysUseAutoLangDetection Microsoft Windows 8 or later This policy setting determines when Windows uses automatic language detection results Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableRemovableDriveIndexing Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting disables indexing of removable drives. Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWeb Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting allows you to control whether or not Search can perform queries on the web Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchUseWebOverMeteredConnections Microsoft %WINDOWS_CLIENT_VERSION_6_3_BLUE% or later This policy setting allows you to control whether or not Search can perform queries on the web over metered connections Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy Machine TRUE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!AutoIndexSharedFolders Any version of Microsoft Windows with Windows Search 4.0 This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!FavoriteLocations Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventUsingAdvancedIndexingOptions Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOfflineFiles Microsoft Windows Vista or later If enabled Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingUncachedExchangeFolders Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableIndexingDelegateMailboxes Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingOutlook Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingEmailAttachments Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!RichAttachmentPreviews Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingPublicFolders Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DataDirectory Microsoft Windows Vista Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PrimaryIntranetSearchScopeUrl Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SecondaryIntranetSearchScopeUrl Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreviewPaneLocation Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!SearchResultIconSize Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!PreventIndexingLowDiskSpaceMB Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventUnwantedAddins Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!DisableWebSearch Microsoft Windows XP Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths Microsoft Windows XP User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingCertainPaths Any version of Microsoft Windows with Windows Search 4.0 or later If you enable this policy setting Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths Microsoft Windows XP User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultIndexedPaths Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths Microsoft Windows XP User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Search\DefaultExcludedPaths Any version of Microsoft Windows with Windows Search 4.0 or later Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis Machine FALSE \Search HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0 User FALSE \Search HKCU\SOFTWARE\Policies\Microsoft\Windows\Explorer!DisableSearchHistory Microsoft Windows 8 or later This policy setting prevents search queries from being stored in the registry. If you enable this policy setting Machine FALSE \OCR HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs Machine FALSE \OCR HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!OCREveryPage Microsoft Windows 7 or later This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document Machine FALSE Windows Components\Security Center HKLM\Software\Policies\Microsoft\Windows NT\Security Center!SecurityCenterInDomain At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the sensor feature for this computer. If you enable this policy setting Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableSensors At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the sensor feature for this computer. If you enable this policy setting User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the location feature for this computer. If you enable this policy setting Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocation At least Windows Server 2008 R2 or Windows 7 This policy setting turns off the location feature for this computer. If you enable this policy setting User FALSE Windows Components\Location and Sensors HKCU\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting At least Windows Server 2008 R2 or Windows 7 This policy setting turns off scripting for the location feature. If you enable this policy setting Machine FALSE Windows Components\Location and Sensors HKLM\Software\Policies\Microsoft\Windows\LocationAndSensors!DisableLocationScripting At least Windows Server 2008 R2 or Windows 7 This policy setting turns off scripting for the location feature. If you enable this policy setting Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!DoNotOpenAtLogon At least Windows Server 2008 This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled Machine FALSE System\Server Manager HKLM\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks!DoNotOpenAtLogon Windows Server 2008 and Windows Server 2008 R2 operating systems only This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYS!DisableShowAtLogon At least Windows Server 2003 This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting Machine FALSE System HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync Machine TRUE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync Machine FALSE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSyncOnPaidNetwork At least Windows Server 2012 Machine TRUE Windows Components\Sync your settings HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Setup!ServicePackSourcePath At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting Machine FALSE System HKLM\Software\Policies\Microsoft\Windows NT\Setup!SourcePath At least Windows Server 2003 operating systems or Windows XP Professional Specifies an alternate location for Windows installation files.If you enable this policy setting Machine FALSE System\Internet Communication Management\Internet Communication settings HKLM\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing At least Windows Server 2008 R2 or Windows 7 Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy User FALSE System\Internet Communication Management\Internet Communication settings HKCU\Software\Policies\Microsoft\Windows\TabletPC!PreventHandwritingDataSharing At least Windows Server 2008 R2 or Windows 7 Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy User FALSE Shared Folders HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishDfsRoots At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting User FALSE Shared Folders HKCU\Software\Policies\Microsoft\Windows NT\SharedFolders!PublishSharedFolders At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting User FALSE Windows Components\Network Sharing HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInplaceSharing At least Windows Vista This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting Machine FALSE Windows Components\HomeGroup HKLM\Software\Policies\Microsoft\Windows\HomeGroup!DisableHomeGroup At least Windows Server 2008 R2 or Windows 7 This policy setting specifies whether users can add computers to a homegroup. By default User FALSE System HKCU\Software\Policies\Microsoft\Windows\System!DisableCMD At least Windows 2000 This policy setting prevents users from running the interactive command prompt User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableRegistryTools At least Windows 2000 Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun User FALSE System HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictWelcomeCenter Windows Vista only This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar Windows Server 2008 Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffSidebar Windows Server 2008 User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets Windows Server 2008 Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUnsignedGadgets Windows Server 2008 User FALSE Windows Components\Desktop Gadgets HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets Windows Server 2008 Machine FALSE Windows Components\Desktop Gadgets HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar!TurnOffUserInstalledGadgets Windows Server 2008 Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableFileSync At least Windows Server 2012 R2 Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableMeteredNetworkFileSync At least Windows Server 2012 R2 Machine TRUE HKLM\Software\Policies\Microsoft\Windows\Skydrive!DisableLibrariesDefaultSaveToSkyDrive At least Windows Server 2012 R2 Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowCertificatesWithNoEKU At least Windows Vista This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowIntegratedUnblock At least Windows Vista This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!FilterDuplicateCerts At least Windows Vista This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ForceReadingAllCertificates At least Windows Vista This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowSignatureOnlyKeys At least Windows Vista This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!AllowTimeInvalidCertificates At least Windows Vista This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!CertPropEnabled At least Windows Vista This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!RootCertificateCleanupOption At least Windows Vista This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\CertProp!EnableRootCertificatePropagation At least Windows Vista This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!IntegratedUnblockPromptString At least Windows Vista This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!ReverseSubject At least Windows Vista This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!DisallowPlaintextPin At least Windows Vista Service Pack 1 This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!X509HintsNeeded At least Windows Vista This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!EnableScPnP At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\ScPnP!ScPnPNotification At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting Machine FALSE Windows Components\Smart Card HKLM\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider!EnumerateECCCerts At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting Machine FALSE Windows Components\Server for NIS HKLM\Software\Policies\Microsoft\Windows\Server for NIS!LoggingLevel At least Windows Server 2008 This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting Machine FALSE Windows Components\Server for NIS HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\ValidCommunities At least Windows Server 2003 operating systems or Windows XP Professional This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\PermittedManagers At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting Machine FALSE Network\SNMP HKLM\Software\Policies\SNMP\Parameters\TrapConfiguration\public At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting User FALSE Windows Components\Sound Recorder HKCU\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec At least Windows Vista Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Machine FALSE Windows Components\Sound Recorder HKLM\SOFTWARE\Policies\Microsoft\SoundRecorder!Soundrec At least Windows Vista Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Machine FALSE System\File Classification Infrastructure HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!EnableManualUX At least Windows Server 2012 Machine FALSE System\File Classification Infrastructure HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!CentralClassificationList At least Windows Server 2012 Machine FALSE System\Access-Denied Assistance HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled Machine FALSE System\Access-Denied Assistance HKLM\SOFTWARE\Policies\Microsoft\Windows\Explorer!EnableShellExecuteFileStreamCheck At least Windows Server 2012 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentProgForNewUserInStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyGames Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchComputerLinkInStartMenu Windows Vista only If you enable this policy User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchEverywhereLinkInStartMenu At least Windows Server 2008 R2 or Windows 7 If you enable this policy User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!AddSearchInternetLinkInStartMenu Windows Server 2008 R2 and Windows 7 If you enable this policy User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchFilesInStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchInternetInStartMenu Windows Server 2008 and Windows Vista If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchProgramsInStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSearchCommInStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserFolderInStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceRunOnStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!QuickLaunchEnabled Windows Vista only This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClearRecentDocsOnExit At least Windows 2000 Clear history of recently opened documents on exit.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ForceStartMenuLogOff Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!GreyMSIAds Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!Intellimenus Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LockTaskbar At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MemCheckBoxInRunDlg At least Windows 2000 Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutoTrayNotify At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the notification area User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMBalloonTip Windows Server 2003 and Windows XP only Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeStartMenu At least Windows 2000 This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!ClearTilesOnExit At least Windows Server 2012 Machine TRUE Start Menu and Taskbar HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled Machine TRUE Start Menu and Taskbar HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout TRUE User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCommonGroups At least Windows 2000 Removes items in the All Users profile from the Programs menu on the Start menu.By default User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFavoritesMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFind Windows Server 2003 and Windows XP only This policy setting allows you to remove the Search link from the Start menu User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMFUprogramsList Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMHelp Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInstrumentation Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMorePrograms At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetworkConnections Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuPinnedList Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsHistory At least Windows 2000 Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecentDocsMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveSearch At least Windows 2000 This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoResolveTrack At least Windows 2000 This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRun At least Windows 2000 Allows you to remove the Run command from the Start menu User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetFolders At least Windows 2000 This policy setting allows you to remove programs on Settings menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSetTaskbar At least Windows 2000 This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMConfigurePrograms Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyDocs Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuMyMusic Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuNetworkPlaces Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSMMyPictures Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuSubFolders Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSimpleStartMenu Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideClock At least Windows Server 2003 operating systems or Windows XP Professional Prevents the clock in the system notification area from being displayed.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTaskGrouping At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoToolbarsOnTaskbar At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the taskbar.The taskbar includes the Start button User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayContextMenu At least Windows 2000 This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoTrayItemsDisplay At least Windows Server 2003 operating systems or Windows XP Professional This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoUserNameInStartMenu Windows Server 2003 and Windows XP only This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWindowsUpdate At least Windows 2000 This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStartMenuEjectPC At least Windows Server 2003 operating systems or Windows XP Professional If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!StartMenuLogOff At least Windows 2000 This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuHomegroup Windows Server 2008 R2 and Windows 7 If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuDownloads Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuRecordedTV Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoStartMenuVideos Windows Server 2008 R2 and Windows 7 This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoUninstallFromStart At least Windows Server 2012 User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!PowerButtonAction Windows Server 2008 R2 and Windows 7 Set the default action of the power button on the Start menu.If you enable this setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!ShowRunAsDifferentUserInStart At least Windows Server 2012 User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultSignIn At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultApp At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultSearch At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!SortView At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!Multimon At least Windows Server 2012 R2 Machine FALSE System\System Restore HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableConfig At least Windows Server 2008 R2 or Windows 7 Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users Machine FALSE System\System Restore HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore!DisableSR At least Windows Server 2008 R2 or Windows 7 Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisableACIntegration Windows Server 2008 Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisableACIntegration Windows Server 2008 User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget Windows Server 2008 Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisableEdgeTarget Windows Server 2008 TRUE TRUE TRUE TRUE User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState TRUE TRUE User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!ScratchOutState User FALSE Windows Components\Tablet PC\Input Panel HKCU\software\policies\microsoft\TabletTip\1.7!DisablePrediction At least Windows Server 2008 R2 or Windows 7 Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Machine FALSE Windows Components\Tablet PC\Input Panel HKLM\software\policies\microsoft\TabletTip\1.7!DisablePrediction At least Windows Server 2008 R2 or Windows 7 Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball Windows Vista only Prevents start of InkBall game.If you enable this policy Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableInkball Windows Vista only Prevents start of InkBall game.If you enable this policy User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal At least Windows Vista Prevents start of Windows Journal.If you enable this policy Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableJournal At least Windows Vista Prevents start of Windows Journal.If you enable this policy User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting At least Windows Vista Prevents printing to Journal Note Writer.If you enable this policy Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableNoteWriterPrinting At least Windows Vista Prevents printing to Journal Note Writer.If you enable this policy User FALSE Windows Components\Tablet PC\Accessories HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool At least Windows Vista Prevents the snipping tool from running.If you enable this policy setting Machine FALSE Windows Components\Tablet PC\Accessories HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisableSnippingTool At least Windows Vista Prevents the snipping tool from running.If you enable this policy setting User FALSE Windows Components\Tablet PC\Cursors HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback Windows Server 2008 Machine FALSE Windows Components\Tablet PC\Cursors HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffPenFeedback Windows Server 2008 User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping At least Windows Vista Removes the Back->ESC mapping that normally occurs when menus are visible Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonBackEscapeMapping At least Windows Vista Removes the Back->ESC mapping that normally occurs when menus are visible User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch At least Windows Vista Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonApplicationLaunch At least Windows Vista Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold At least Windows Vista Prevents press and hold actions on hardware buttons Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventButtonPressAndHold At least Windows Vista Prevents press and hold actions on hardware buttons User FALSE Windows Components\Tablet PC\Hardware Buttons HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons At least Windows Vista Turns off Tablet PC hardware buttons.If you enable this policy Machine FALSE Windows Components\Tablet PC\Hardware Buttons HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurnOffButtons At least Windows Vista Turns off Tablet PC hardware buttons.If you enable this policy User FALSE Windows Components\Tablet PC\Pen Flicks Learning HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode Windows Server 2008 Machine FALSE Windows Components\Tablet PC\Pen Flicks Learning HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicksLearningMode Windows Server 2008 User FALSE Windows Components\Tablet PC\Pen UX Behaviors HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks Windows Server 2008 Machine FALSE Windows Components\Tablet PC\Pen UX Behaviors HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreventFlicks Windows Server 2008 User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAPower At least Windows Vista This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCANetwork At least Windows Vista This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAVolume At least Windows Vista This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!HideSCAHealth At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarLockAll At least Windows Vista This policy setting allows you to lock all taskbar settings.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoAddRemoveToolbar At least Windows Vista This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoDragToolbar At least Windows Vista This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoNotification At least Windows Vista This policy setting allows you to turn off all notification balloons.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoRedock At least Windows Vista This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoResize At least Windows Vista This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!TaskbarNoThumbnail Windows Vista only This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoPinnedList At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSystraySystemPromotion At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoBalloonFeatureAdvertisements At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoRemoteDestinations At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToTaskbar At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!NoPinningToDestinations At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting User FALSE Start Menu and Taskbar HKCU\Software\Policies\Microsoft\Windows\Explorer!TaskbarNoMultimon At least Windows Server 2012 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Allow Browse Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Disable Advanced Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!DragAndDrop Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Execution Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Property Pages Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Creation Windows Server 2003 User FALSE Windows Components\Task Scheduler HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion Windows Server 2003 Machine FALSE Windows Components\Task Scheduler HKLM\Software\Policies\Microsoft\Windows\Task Scheduler5.0!Task Deletion Windows Server 2003 Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!ISATAP_RouterName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure 6to4 Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!6to4_RouterNameResolutionInterval At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_State At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure Teredo Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ServerName At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_RefreshRate At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_ClientPort At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0 Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition!Teredo_DefaultQualified At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to set Teredo to be ready to communicate Machine FALSE Network\TCPIP Settings\IPv6 Transition Technologies HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState Machine FALSE Network\TCPIP Settings\Parameters HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableWsd At least Windows Vista Service Pack 1 This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting Machine FALSE Network\TCPIP Settings\Parameters HKLM\System\CurrentControlSet\Services\Tcpip\Parameters!EnableIPAutoConfigurationLimits At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection At least Windows Server 2008 This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip At least Windows Server 2008 This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper At least Windows Server 2008 This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode At least Windows Server 2008 This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowUnlistedRemotePrograms At least Windows Server 2008 This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fAllowDesktopCompositionOnServer Windows Server 2008 R2 only This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ParticipateInLoadBalancing At least Windows Server 2008 This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter At least Windows Server 2008 This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RedirectOnlyDefaultClientPrinter At least Windows Server 2008 This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit At least Windows Server 2008 This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!RemoteAppLogoffTimeLimit At least Windows Server 2008 This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoFontSmoothing At least Windows Server 2008 R2 This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!VIPAdapter At least Windows Server 2008 R2 This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!PromptOnIPLeaseFail At least Windows Server 2008 R2 This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows\Session Manager\Quota System!EnableCpuQuota At least Windows Server 2008 R2 Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSI!Enable At least Windows Server 2008 R2 This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!bEnumerateHWBeforeSW At least Windows Server 2012 R2 with RDSH role installed This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality Windows 7 with Service Pack 1 This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile Windows 7 with Service Pack 1 This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default User TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowUAC Windows Server 2008 R2 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect Windows 7 with Service Pack 1 This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport Windows 7 with Service Pack 1 This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\RD Gateway HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy User FALSE Windows Components\Remote Desktop Services\RD Gateway HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAutoReconnect At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ColorDepth Windows Server 2008 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxMonitors At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fNoRemoteDesktopWallpaper At least Windows Server 2003 operating systems or Windows XP Professional Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableForcibleLogoff At least Windows XP and Windows Server 2003 only This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicenseServers At least Windows Server 2003 with Service Pack 1 This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableTerminalServerTooltip At least Windows Server 2003 with Service Pack 1 This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!LicensingMode At least Windows Server 2003 with Service Pack 1 This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxInstanceCount At least Windows Server 2003 Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDisconnect At least Windows 2000 Terminal Services This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNTSecurity At least Windows 2000 Terminal Services Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllUserInstallAgent!LogonWaitForPackageRegistration At least Windows 8 Enterprise or Windows Server 2012 R2 This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow Windows Server 2008 R2 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!Shadow Windows Server 2008 R2 Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowUAC Windows Server 2008 R2 Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ShadowTimeout Windows Server 2008 R2 Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableRemoteFXAdvancedRemoteApp At least Windows Server 2012 R2 or Windows 8.1 Preview This policy setting allows you to enable RemoteApp programs to use advanced graphics Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fSingleSessionPerUser At least Windows Server 2003 This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fWritableTSCCPermTab At least Windows Server 2003 This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fTurnOffSingleAppMode At least Windows Server 2003 with Service Pack 1 This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFProfilePath At least Windows Server 2003 This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFDontAppendUserNameToProfile At least Windows Server 2003 with Service Pack 2 This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile Machine FALSE Windows Components\Remote Desktop Services\RD Licensing HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fSecureLicensing At least Windows Server 2003 This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default Machine FALSE Windows Components\Remote Desktop Services\RD Licensing HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services!fPreventLicenseUpgrade At least Windows Server 2003 This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCam At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowedAudioQualityMode At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableAudioCapture At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableClip At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCcm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fForceClientLptDef At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst At least Windows Server 2008 or Windows 7 This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseUniversalPrinterDriverFirst At least Windows Server 2008 or Windows 7 This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableLPT At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisablePNPRedir At least Windows Vista This policy setting allows you to control the redirection of supported Plug and Play devices Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCpm At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableSmartCard At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableTimeZoneRedirection At least Windows Server 2003 This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEncryptRPCTraffic At least Windows Server 2003 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryActive At least Windows Server 2003 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryClusterName At least Windows Server 2003 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryExposeServerIP At least Windows Server 2003 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SessionDirectoryLocation At least Windows Server 2003 User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken At least Windows Server 2003 operating systems or Windows XP Professional This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fResetBroken At least Windows Server 2003 operating systems or Windows XP Professional This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxConnectionTime At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit At least Windows Server 2003 This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir At least Windows Server 2003 This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowUnsignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowSignedFiles At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints At least Windows Vista with Service Pack 1 This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting User FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!TrustedCertThumbprints At least Windows Vista with Service Pack 1 This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PromptForCredsOnClient At least Windows Vista with Service Pack 1 This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AuthenticationLevel At least Windows Vista with Service Pack 1 This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!ImageQuality At least Windows Server 2012 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!GraphicsProfile At least Windows Server 2012 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxCompressionLevel At least Windows Vista with Service Pack 1 This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default Machine TRUE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fServerEnableRDP8 Windows 7 with Service Pack 1 This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!VisualExperiencePolicy Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client!fUsbRedirectionEnableMode At least Windows 7 with Service Pack 1 or Windows Server 2008 R2 with Service Pack 1 This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics Windows 7 or Windows Server 2008 R2 (and their subsequent Service Packs) only This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2 HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fEnableVirtualizedGraphics At least Windows Server 2012 User FALSE Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections HKCU\SOFTWARE\Policies\Microsoft\Workspaces!DefaultConnectionURL At least Windows Server 2012 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectNetworkDetect At least Windows Server 2012 Machine FALSE Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!SelectTransport At least Windows Server 2012 Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM!OSManagedAuthLevel At least Windows Server 2012 Machine FALSE System\Trusted Platform Module Services HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreDefaultList At least Windows Vista This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\TPM\BlockedCommands!IgnoreLocalList At least Windows Vista This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold Machine FALSE System\Trusted Platform Module Services HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!AddAdminGroupToRUP At least Windows Server 2003 operating systems or Windows XP Professional This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!CompatibleRUPSecurity At least Windows Server 2003 operating systems User FALSE System\User Profiles HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!ConnectHomeDirToRoot Windows Server 2003 Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!DeleteRoamingCache At least Windows 2000 This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkDetectEnabled At least Windows 2000 This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkUIEnabled At least Windows 2000 This policy setting provides users with the ability to download their roaming profile User FALSE System\User Profiles HKCU\Software\Policies\Microsoft\Windows\System!ExcludeProfileDirs At least Windows 2000 This policy setting lets you exclude folders that are normally included in the user's profile. As a result Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!LeaveAppMgmtData At least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2 This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings User FALSE System\User Profiles HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!LocalProfile At least Windows Server 2003 operating systems or Windows XP Professional This setting determines if roaming user profiles are available on a particular computer. By default Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileDlgTimeOut Windows Server 2003 Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileErrorAction At least Windows 2000 This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ProfileUnloadTimeout Windows Server 2003 Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!ReadOnlyProfile At least Windows Server 2003 operating systems or Windows XP Professional This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!SlowLinkProfileDefault At least Windows 2000 This policy setting directs the system to wait for the remote copy of the roaming user profile to load Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!CleanupProfiles At least Windows Vista This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting User FALSE System\User Profiles HKCU\Software\Policies\Microsoft\Windows\System!CscSuspendDirs At least Windows Vista This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!DisableForceUnload At least Windows Vista This policy setting controls whether Windows forcefully unloads the user's registry at logoff Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!WaitForNetwork At least Windows Vista This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!MachineProfilePath At least Windows Vista This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod TRUE Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!PrimaryComputerEnabledRUP At least Windows Server 2012 Machine FALSE System\User Profiles HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!ActiveDirectoryBackup Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRecoveryPassword Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!DefaultRecoveryFolderPath At least Windows Vista This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting TRUE Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\SOFTWARE\Policies\Microsoft\FVE!EncryptionMethodNoDiffuser At least Windows Server 2012 Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!MorBehavior At least Windows Vista This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!UseEnhancedPin At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSPassphrase Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!TPMAutoReseal At least Windows Server 2012 Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!DisallowStandardUserPINReset At least Windows Server 2012 or Windows 8 This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!IdentificationField Machine FALSE Windows Components\BitLocker Drive Encryption HKLM\Software\Policies\Microsoft\FVE!CertificateOID At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSUseEnhancedBcdProfile Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSRecovery Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryptionType Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!EnableNonTPM Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAdvancedStartup Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSManageNKP At least Windows Server 2012 or Windows 8 This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy TRUE Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!MinimumPIN At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardwareEncryption Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSEnablePrebootInputProtectorsOnSlates At least Windows Server 2012 or Windows 8 This policy setting allows users to turn on authentication options that require user input from the pre-boot environment Machine FALSE Windows Components\BitLocker Drive Encryption\Operating System Drives HKLM\Software\Policies\Microsoft\FVE!OSAllowSecureBootForIntegrity At least Windows Server 2012 Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRecovery Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVPassphrase Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!FDVDenyWriteAccess At least Windows Server 2008 R2 or Windows 7 This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVDiscoveryVolumeType Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\Software\Policies\Microsoft\FVE!FDVAllowUserCert Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncryptionType Machine FALSE Windows Components\BitLocker Drive Encryption\Fixed Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardwareEncryption Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecovery Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVConfigureBDE Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVPassphrase Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVDiscoveryVolumeType Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\Software\Policies\Microsoft\FVE!RDVAllowUserCert Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncryptionType Machine FALSE Windows Components\BitLocker Drive Encryption\Removable Data Drives HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardwareEncryption Machine FALSE System\Windows Time Service HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!Enabled At least Windows Server 2003 operating systems or Windows XP Professional This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting Machine FALSE System\Windows Time Service\Time Providers HKLM\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServer!Enabled At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockNonDomain At least Windows Server 2012 Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fMinimizeConnections At least Windows Server 2012 Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fBlockRoaming At least Windows Server 2012 Machine FALSE Network\Windows Connection Manager HKLM\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy!fDisablePowerManagement At least Windows Server 2012 Machine FALSE System\Troubleshooting and Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled Machine FALSE System\Troubleshooting and Diagnostics HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled User FALSE Windows Components\Windows Calendar HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal Windows Vista only Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Machine FALSE Windows Components\Windows Calendar HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows!TurnOffWinCal Windows Vista only Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Machine FALSE Windows Components\Add features to Windows 8.1 Preview HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled At least Windows Server 2008 R2 or Windows 7 By default User FALSE Windows Components\Add features to Windows 8.1 Preview HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled At least Windows Server 2008 R2 or Windows 7 By default Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!OnlySystemBackup At least Windows Server 2008 This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToDisk At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToNetwork At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoBackupToOptical At least Windows Server 2008 This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting Machine FALSE \Server HKLM\Software\Policies\Microsoft\Windows\Backup\Server!NoRunNowBackup At least Windows Server 2008 This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting User FALSE Windows Components\Windows Color System HKCU\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall At least Windows Vista This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting Machine FALSE Windows Components\Windows Color System HKLM\Software\Policies\Microsoft\Windows\WindowsColorSystem!ProhibitInstallUninstall At least Windows Vista This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting User FALSE Network\Windows Connect Now HKCU\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi At least Windows Vista This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting Machine FALSE Network\Windows Connect Now HKLM\Software\Policies\Microsoft\Windows\WCN\UI!DisableWcnUi At least Windows Vista This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting Machine FALSE Network\Windows Connect Now HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!AllowFastServiceStartup At least Windows Server 2012 Machine FALSE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntiSpyware At least Windows Vista This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableAntivirus At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableLocalAdminMerge At least Windows Server 2012 Machine FALSE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!DisableRoutinelyTakingAction At least Windows Vista This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!RandomizeScheduleTaskTimes At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender HKLM\Software\Policies\Microsoft\Windows Defender!ServiceKeepAlive At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths Machine TRUE Windows Components\Windows Defender\Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS!DisableProtocolRecognition At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!DisableSignatureRetirement At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name Machine TRUE Windows Components\Windows Defender\Network Inspection System Exclusions HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id Machine TRUE Windows Components\Windows Defender\Network Inspection System HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid Machine TRUE Windows Components\Windows Defender\Quarantine HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!LocalSettingOverridePurgeItemsAfterDelay At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Quarantine HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableBehaviorMonitoring At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableInformationProtectionControl At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIntrusionPreventionSystem At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableIOAVProtection At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableOnAccessProtection At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRawWriteNotification At least Windows Server 2012 Machine FALSE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableRealtimeMonitoring At least Windows Vista This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!DisableScanOnRealtimeEnable At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableBehaviorMonitoring At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableOnAccessProtection At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableIntrusionPreventionSystem At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableIOAVProtection At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideDisableRealtimeMonitoring At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!LocalSettingOverrideRealtimeScanDirection At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Real-time Protection HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!LocalSettingOverrideScan_ScheduleTime At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay Machine TRUE Windows Components\Windows Defender\Remediation HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!DisableGenericRePorts At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents Machine TRUE Windows Components\Windows Defender\Reporting HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AllowPause At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor Machine FALSE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!CheckForSignaturesBeforeRunningScan At least Windows Vista This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate" Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableArchiveScanning At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupFullScan At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableCatchupQuickScan At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableEmailScanning At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableHeuristics At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisablePackedExeScanning At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRemovableDriveScanning At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableReparsePointScanning At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableRestorePoint At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningMappedNetworkDrivesForFullScan At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!DisableScanningNetworkFiles At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideAvgCPULoadFactor At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScanParameters At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleDay At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleQuickScanTime At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!LocalSettingOverrideScheduleTime At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanOnlyIfIdle At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime Machine TRUE Windows Components\Windows Defender\Scan HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScanOnUpdate At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableScheduledSignatureUpdateOnBattery At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DisableUpdateOnStartupWithoutEngine At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ForceUpdateFromMU At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!RealtimeSignatureDelivery At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureDisableNotification At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval Machine TRUE Windows Components\Windows Defender\Signature Updates HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!UpdateOnStartUp At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\MAPS HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!LocalSettingOverrideSpynetReporting At least Windows Server 2012 Machine FALSE Windows Components\Windows Defender\MAPS HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting Machine TRUE Windows Components\Windows Defender\Threats HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction Machine TRUE Windows Components\Windows Defender\Threats HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction Machine TRUE Windows Components\Windows Defender\Client Interface HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!Notification_Suppress At least Windows Server 2012 Machine TRUE Windows Components\Windows Defender\Client Interface HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoBackButton At least Windows 2000 Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoFileMru At least Windows 2000 Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32!NoPlacesBar At least Windows 2000 Removes the shortcut bar from the Open dialog box.This setting User FALSE Windows Components\File Explorer\Common Open File Dialog HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ClassicShell Windows Server 2008 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!ConfirmFileDelete At least Windows Server 2003 operating systems or Windows XP Professional Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!EnforceShellExtensionSecurity At least Windows 2000 This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!LinkResolveIgnoreLinkInfo At least Windows 2000 This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!MaxRecentDocs Windows Server 2008 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoThumbnailCache At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoCDBurning At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeAnimation Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoChangeKeyboardNavigationIndicators Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDFSTab At least Windows 2000 This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDrives At least Windows 2000 This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network!NoEntireNetwork Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFileMenu At least Windows 2000 Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu. User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoFolderOptions At least Windows 2000 This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoHardwareTab At least Windows 2000 Removes the Hardware tab.This setting removes the Hardware tab from Mouse User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoManageMyComputerVerb At least Windows 2000 Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc) User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSharedDocuments Windows XP Professional only This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoNetConnectDisconnect At least Windows 2000 Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRecycleFiles At least Windows Server 2003 operating systems or Windows XP Professional When a file or folder is deleted in File Explorer User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoRunasInstallPrompt Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoSecurityTab At least Windows Server 2003 operating systems or Windows XP Professional Removes the Security tab from File Explorer.If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoShellSearchButton Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewContextMenu At least Windows 2000 Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoViewOnDrive At least Windows 2000 Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWinKeys At least Windows Server 2003 Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoComputersNearMe Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PromptRunasInstallNetPath Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RecycleBinSize Windows Server 2003 User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior At least Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior At least Windows XP Professional with SP2 This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!NoSearchInternetTryHarderButton At least Windows Server 2008 R2 or Windows 7 If you enable this policy User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!CheckSameSourceAndTargetForFRAndDFS At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to prevent data loss when you change the target location for Folder Redirection User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!HideContentViewModeSnippets At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableIndexedLibraryExperience At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableSearchBoxSuggestions At least Windows Server 2008 R2 or Windows 7 Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage At least Windows Vista Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableBindDirectlyToPropertySetStorage At least Windows Vista Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation Machine FALSE Windows Components\File Explorer HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting User FALSE Windows Components\File Explorer HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoStrCmpLogical At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180E At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) User FALSE Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4!180F At least Windows Server 2008 R2 or Windows 7 This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation At least Windows Server 2012 User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!DefaultLibrariesLocation At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowLockOption At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowSleepOption At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ShowHibernateOption At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!NoNewAppAlert At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized User FALSE Windows Components\File Explorer HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\System!DefaultAssociationsConfiguration At least Windows Server 2012 Machine FALSE Windows Components\File Explorer HKLM\Software\Policies\Microsoft\Windows\Explorer!EnableShellShortcutIconRemotePath At least Windows Server 2012 Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SFCDllCacheDir Windows Server 2003 Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcQuota Windows Server 2003 Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcScan Windows Server 2003 Machine FALSE System\Windows File Protection HKLM\Software\Policies\Microsoft\Windows NT\Windows File Protection!SfcShowProgress Windows Server 2003 Machine FALSE Network\Network Connections\Windows Firewall HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\ICFv4!BypassFirewall At least Windows XP Professional with SP2 Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!EnableFirewall At least Windows XP Professional with SP2 Turns on Windows Firewall.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DoNotAllowExceptions At least Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableNotifications At least Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast At least Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Domain Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!EnableFirewall At least Windows XP Professional with SP2 Turns on Windows Firewall.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DoNotAllowExceptions At least Windows XP Professional with SP2 Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableNotifications At least Windows XP Professional with SP2 Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!AllowUserPrefMerge At least Windows XP Professional with SP2 Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile!DisableUnicastResponsesToMulticastBroadcast At least Windows XP Professional with SP2 Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting Machine FALSE Network\Network Connections\Windows Firewall\Standard Profile HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled User FALSE Windows Components\Windows Mail HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed At least Windows Vista Denies or allows access to the Windows Mail application.If you enable this setting Machine FALSE Windows Components\Windows Mail HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!ManualLaunchAllowed At least Windows Vista Denies or allows access to the Windows Mail application.If you enable this setting User FALSE Windows Components\Windows Mail HKCU\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities At least Windows Vista Windows Mail will not check your newsgroup servers for Communities support. Machine FALSE Windows Components\Windows Mail HKLM\SOFTWARE\Policies\Microsoft\Windows Mail!DisableCommunities At least Windows Vista Windows Mail will not check your newsgroup servers for Communities support. Machine FALSE Windows Components\Windows Media Digital Rights Management HKLM\Software\Policies\Microsoft\WMDRM!DisableOnline At least Windows Server 2003 Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DisableAutoUpdate Windows Media Player 9 Series and later. This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!GroupPrivacyAcceptance Windows Media Player 9 Series and later. This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DontUseFrameInterpolation Windows Media Player 9 Series and later. This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCDDVDMetadataRetrieval Windows Media Player 9 Series and later. This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!PreventLibrarySharing Windows Media Player 11 for Windows XP or Windows Media Player 11 for Windows Vista or later. This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventMusicFileMetadataRetrieval Windows Media Player 9 Series and later. This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!QuickLaunchShortcut Windows Media Player 9 Series and later. This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting User FALSE Windows Components\Windows Media Player HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventRadioPresetsRetrieval Windows Server 2003 Machine FALSE Windows Components\Windows Media Player HKLM\Software\Policies\Microsoft\WindowsMediaPlayer!DesktopShortcut Windows Media Player 9 Series and later. This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting User FALSE Windows Components\Windows Media Player\Playback HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!EnableScreenSaver Windows Media Player 9 Series and later. This policy setting allows a screen saver to interrupt playback.If you enable this policy setting User FALSE Windows Components\Windows Media Player\Playback HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!PreventCodecDownload Windows Media Player for Windows XP and later. This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!DoNotShowAnchor Windows Server 2003 User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HidePrivacyTab Windows Media Player 9 Series and later. This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideSecurityTab Windows Media Player 9 Series and later. This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting User FALSE Windows Components\Windows Media Player\User Interface HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!HideNetworkTab Windows Media Player for Windows XP and later. This policy setting allows you to hide the Network tab.If you enable this policy setting User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy User FALSE Windows Components\Windows Media Player\Networking HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols Machine FALSE Windows Components\Windows Messenger HKLM\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting User FALSE Windows Components\Windows Messenger HKCU\Software\Policies\Microsoft\Messenger\Client!PreventAutoRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting Machine FALSE Windows Components\Windows Messenger HKLM\Software\Policies\Microsoft\Messenger\Client!PreventRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting User FALSE Windows Components\Windows Messenger HKCU\Software\Policies\Microsoft\Messenger\Client!PreventRun At least Windows Server 2003 operating systems or Windows XP Professional This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowBasic At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowUnencryptedTraffic At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowDigest At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowNegotiate At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowKerberos At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!AllowCredSSP At least Windows Vista This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Client HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts Machine FALSE Windows Components\Windows Remote Management (WinRM)\WinRM Service HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption Windows 7 User FALSE Windows Components\Windows Update HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUShutdownOption Windows 7 User FALSE Windows Components\Windows Update HKCU\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption Windows 7 Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAUAsDefaultShutdownOption Windows 7 User FALSE Windows Components\Windows Update HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!ElevateNonAdmins Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AutoInstallMinorUpdates Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!IncludeRecommendedUpdates At least Windows Vista Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!EnableFeaturedSoftware Windows Server 2008 Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AUPowerManagement Windows Server 2008 Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoRebootWithLoggedOnUsers Windows XP Professional Service Pack 1 or At least Windows 2000 Service Pack 3 Specifies that to complete a scheduled installation Machine TRUE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!AlwaysAutoRebootAtScheduledTime When Windows Update requires a restart to finish installing updates Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled Machine FALSE Windows Components\Windows Update HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!AcceptTrustedPublisherCerts At least Windows Server 2003 operating systems or Windows XP Professional with SP1 Machine FALSE Windows Components\Shutdown Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisableShutdownNamedPipe At least Windows Vista This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting Machine FALSE Windows Components\Shutdown Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ShutdownSessionTimeout At least Windows Vista This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting Machine FALSE System\Shutdown HKLM\Software\Policies\Microsoft\Windows\System!HiberbootEnabled At least Windows Server 2012 Machine FALSE Windows Components\Windows Logon Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!DisplayLastLogonInfo At least Windows Vista This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level User FALSE Windows Components\Windows Logon Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!DontDisplayLogonHoursWarnings At least Windows Vista This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default User FALSE Windows Components\Windows Logon Options HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonHoursAction At least Windows Vista This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation Machine FALSE Windows Components\Windows Logon Options HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!SoftwareSASGeneration At least Windows Vista This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting User TRUE Windows Components\Work Folders HKCU\Software\Policies\Microsoft\Windows\WorkFolders!SyncUrl User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoTileApplicationNotification At least Windows Server 2012 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotification At least Windows Server 2012 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoToastApplicationNotificationOnLockScreen At least Windows Server 2012 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications!NoCloudApplicationNotification At least Windows Server 2012 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!Enable At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!EntryTime At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!ExitTime At least Windows Server 2012 R2 User TRUE Start Menu and Taskbar\Notifications HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\QuietHours!AllowCalls At least Windows Server 2012 R2 Machine TRUE Network\WWAN Service\WWAN Media Cost HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost3G At least Windows Server 2012 Machine TRUE Network\WWAN Service\WWAN Media Cost HKLM\Software\Policies\Microsoft\Windows\WwanSvc\NetCost!Cost4G At least Windows Server 2012 HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller!ApprovedList HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicies!InstallTrustedOCX Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes This setting exists only for backward compatibility This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input This policy setting controls the state of the Inventory Collector. The Inventory Collector inventories applications This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting This policy setting allows you to manage the default risk level for file types. To fully customize the risk level for file attachments This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone This policy setting allows you to configure the list of low-risk file types. If the attachment is in the list of low-risk file types This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting This policy setting disallows AutoPlay for MTP devices like cameras or phones. If you enable this policy setting This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting This policy setting determines whether users can log on or elevate User Account Control (UAC) permissions using biometrics. By default This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default This policy setting specifies the number of seconds a pending fast user switch event will remain active before the switch is initiated. By default This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit HKLM\Software\Policies\Microsoft\Windows\BITS!EnableBITSMaxBandwidth HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableBandwidthLimits HKLM\Software\Policies\Microsoft\Windows\BITS\Throttling!EnableMaintenanceLimits This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache This policy setting specifies whether the computer will act as a BITS peer caching client. By default This policy setting specifies whether the computer will act as a BITS peer caching server. By default This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers HKLM\Software\Policies\Microsoft\Windows\BITS\TransferPolicy!ForegroundTransferPolicy This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default This policy setting limits the number of BITS jobs that can be created by a user. By default This policy setting limits the number of files that a BITS job can contain. By default This policy setting limits the number of ranges that can be added to a file in a BITS job. By default This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server. This policy setting determines the cipher suites used by the Secure Socket Layer (SSL).If you enable this policy setting This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs Disables the application sharing feature of NetMeeting completely. Users will not be able to host or view shared applications. Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. Prevents users from sharing anything themselves. They will still be able to view shared applications/desktops from others. Prevents users from sharing command prompts. This prevents users from inadvertently sharing out applications Prevents users from sharing the whole desktop. They will still be able to share individual applications. Prevents users from sharing Explorer windows. This prevents users from inadvertently sharing out applications Prevents users from sharing applications in true color. True color sharing uses more bandwidth in a conference. Disables the audio feature of NetMeeting. Users will not be able to send or receive audio. Prevents user from changing the DirectSound audio setting. DirectSound provides much better audio quality Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. Prevents users from receiving video. Users will still be able to send video provided they have the hardware." Prevents users from sending video if they have the hardware. Users will still be able to receive video from others. Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. Make the automatic acceptance of incoming calls persistent. Disables the T.126 whiteboard feature of NetMeeting. Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it. Disables the remote desktop sharing feature of NetMeeting. Users will not be able to set it up or use it for controlling their computers remotely. Prevents users from adding directory (ILS) servers to the list of those they can use for placing calls. Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always. Prevents users from changing the way calls are placed Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." Prevents users from receiving files from others in a conference. Prevents users from sending files to others in a conference. Prevents users from viewing directories as Web pages in a browser. Limits the size of files users can send to others in a conference. Sets the URL NetMeeting will display when the user chooses the Help Online Support command. Sets the level of security for both outgoing and incoming NetMeeting calls. Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. Hides the Audio page of the Tools Options dialog. Users will not then be able to change audio settings. Hides the General page of the Tools Options dialog. Users will not then be able to change personal identification and bandwidth settings. Hides the Security page of the Tools Options dialog. Users will not then be able to change call security and authentication settings. Hides the Video page of the Tools Options dialog. Users will not then be able to change video settings. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowCpl This policy setting controls the default Control Panel view Disables all Control Panel programs and the PC settings app.This setting prevents Control.exe and SystemSettings.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictCpl Disables the Display Control Panel.If you enable this setting Disables the Color (or Window Color) page in the Personalization Control Panel Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add Enables desktop screen savers.If you disable this setting Specifies the screen saver for the user's desktop.If you enable this setting Determines whether screen savers used on the computer are password protected.If you enable this setting Specifies how much user idle time must elapse before the screen saver is launched.When configured Prevents users from adding or changing the background design of the desktop.By default Prevents users from changing the sound scheme.By default Prevents users from changing the mouse pointers.By default Prevents users from changing the desktop icons.By default This setting disables the theme gallery in the Personalization Control Panel.If you enable this setting Specifies which theme file is applied to the computer the first time a user logs on.If you enable this setting Prevents users or applications from changing the visual style of the windows and buttons displayed on their screens.When enabled on Windows XP This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles) HKLM\Software\Policies\Microsoft\Windows\Personalization!PersonalColors_Background This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist This policy setting specifies a default logon domain This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefaultCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowDefCredentialsWhenNTLMOnly HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowFreshCredentialsWhenNTLMOnly HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!AllowSavedCredentialsWhenNTLMOnly HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyDefaultCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenyFreshCredentials HKLM\Software\Policies\Microsoft\Windows\CredentialsDelegation!DenySavedCredentials This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default This policy setting requires the user to enter Microsoft Windows credentials using a trusted path This policy setting prevents users from changing their Windows password on demand.If you enable this policy setting This policy setting prevents users from locking the system.While locked This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers This policy setting disables or removes all menu items and buttons that log the user off the system.If you enable this policy setting Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows NT\DCOM\AppCompat!ListBox_Support_ActivationSecurityCheckExemptionList HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\AdminComponent!Add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!Wallpaper Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory Prevents users from changing the path to their profile folders.By default Prevents users from using the Desktop Cleanup Wizard.If you enable this setting Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods. This setting hides Computer from the desktop and from the new Start menu. It also hides links to Computer in the Web view of all Explorer windows Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista This setting hides Properties on the context menu for Computer.If you enable this setting Removes most occurrences of the Recycle Bin icon.This setting removes the Recycle Bin icon from the desktop Removes the Properties option from the Recycle Bin context menu.If you enable this setting Prevents users from saving certain changes to the desktop.If you enable this setting Prevents users from adjusting the length of desktop toolbars. Also Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse. If you enable this policy This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity This policy setting allows you to determine whether members of the Administrators group can install and update the drivers for any device HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceClasses HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceClasses HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!AllowDeviceIDs HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!DenyDeviceIDs This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions!ForceReboot This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\DriverInstall\Restrictions!AllowUserDeviceClasses This policy setting prevents redirection of USB devices.If you enable this setting HKLM\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions!DenyDeviceIDs This policy setting allows you to turn off "Found New Hardware" balloons during device installation.If you enable this policy setting Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting HKCU\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchFloppies This policy setting allows you to specify the order in which Windows searches source locations for device drivers. If you enable this policy setting This policy setting allows you to specify the search server that Windows uses to find updates for device drivers.If you enable this policy setting This policy setting allows you to prevent Windows from retrieving device metadata from the Internet. If you enable this policy setting This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}!ScenarioExecutionEnabled This policy setting turns off the boot and resume optimizations for the hybrid hard disks in the system.If you enable this policy setting This policy setting turns off power save mode on the hybrid hard disks in the system.If you enable this policy setting This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system This policy setting turns off the solid state mode for the hybrid hard disks. If you enable this policy setting This policy setting turns on and turns off disk quota management on all NTFS volumes of the computer This policy setting determines whether disk quota limits are enforced and prevents users from changing the setting.If you enable this policy setting This policy setting determines whether the system records an event in the local Application log when users reach their disk quota limit on a volume This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting Specifies a connection-specific DNS suffix. This policy setting supersedes local connection-specific DNS suffixes Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.To use this policy setting Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix Specifies if DNS client computers will register PTR resource records.By default Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example Specifies the security level for dynamic DNS updates.To use this policy setting Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones Specifies if the DNS client performs primary DNS suffix devolution during the name resolution process.With devolution This policy setting controls the appearance of window animations such as those found when restoring This policy setting controls the appearance of window animations such as those found when restoring HKCU\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState HKLM\SOFTWARE\Policies\Microsoft\Windows\DWM!DefaultColorizationColorState This policy setting controls the ability to change the color of window frames. If you enable this policy setting This policy setting controls the ability to change the color of window frames. If you enable this policy setting HKLM\System\CurrentControlSet\Policies\EarlyLaunch!DriverLoadPolicy This policy setting prevents File Explorer from encrypting files that are moved to an encrypted folder.If you enable this policy setting This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting This policy setting configures whether or not a password can be used to unlock an Enhanced Storage device.If you enable this policy setting This policy setting configures whether or not Windows will activate an Enhanced Storage device.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilos!SiloAllowListPolicy HKLM\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevices!PolicyEnabled HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DW!DWNoExternalURL HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!ShowUI This policy setting turns off Windows Error Reporting This policy setting turns off Windows Error Reporting This policy setting prevents the display of the user interface for critical errors.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting determines whether Windows Error Reporting (WER) sends additional This policy setting determines whether Windows Error Reporting (WER) sends additional This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!AllOrNone This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors This policy setting controls whether errors in the operating system are included Windows Error Reporting is enabled.If you enable this policy setting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableArchive HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!CorporateWerServer This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting HKCU\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DisableQueue This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting This policy setting determines the consent behavior of Windows Error Reporting for specific event types.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting This policy setting determines the default consent behavior of Windows Error Reporting.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting turns on logging.If you enable or do not configure this policy setting This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting specifies the maximum size of the log file in kilobytes.If you enable this policy setting This is the program that will be invoked when the user clicks the events.asp link. This specifies the command line parameters that will be passed to the events.asp program This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. This policy setting configures File Explorer to always display the menu bar.Note: By default This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer. Disabling heap termination on corruption can allow certain legacy plug-in applications to function without terminating Explorer immediately Sets the target of the More Information link that will be displayed when the user attempts to run a program that is blocked by policy. HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}!ScenarioExecutionEnabled HKLM\Software\Policies\Microsoft\Windows\Filesystems\NTFS!SymLinkState Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. Encryption can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of encrypted files Encrypting the page file prevents malicious users from reading data that has been paged to disk These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility Delete notification is a feature that notifies the underlying storage device of clusters that are freed due to a file delete operation.A value of 0 This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs This policy setting allows you to control whether all redirected shell folders HKCU\Software\Policies\Microsoft\Windows\NetCache\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}!DisableFRAdminPinByFolder This policy setting allows the administrator to define whether Folder Redirection should use localized names for the All Programs This policy setting shows or hides the Details Pane in File Explorer.If you enable this policy setting and configure it to hide the pane Hides the Preview Pane in File Explorer.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a}!ScenarioExecutionEnabled Manages download of game box art and ratings from the Windows Metadata Services.If you enable this setting Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting Manages download of game update information from Windows Metadata Services.If you enable this setting This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictSystemLocales HKCU\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales HKLM\Software\Policies\Microsoft\Control Panel\International!RestrictUserLocales This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting This policy setting prevents users from changing their user geographical location (GeoID).If you enable this policy setting This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting This policy setting controls which UI language is used for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer This policy turns off the offer text predictions as I type option. This does not This policy turns off the insert a space after selecting a text prediction option. This does not This policy turns off the autocorrect misspelled words option. This does not This policy turns off the highlight misspelled words option. This does not This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly HKCU\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection HKLM\SOFTWARE\Policies\Microsoft\InputPersonalization!RestrictImplicitTextCollection This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonOptimization HKLM\Software\Policies\Microsoft\Windows\System!EnableLogonScriptDelay This policy directs Group Policy processing to skip processing any client side extension that requires synchronous processing (that is This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.By default This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous This policy setting allows user-based policy processing HKLM\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}!NoBackgroundPolicy HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}!NoSlowLink This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default This policy setting controls the ability of users to view their Resultant Set of Policy (RSoP) data.By default This policy setting prevents Group Policy from being updated while the computer is in use. This policy setting applies to Group Policy for computers This policy setting allows you to control a user's ability to invoke a computer policy refresh.If you enable this policy setting This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings This policy setting determines which domain controller the Group Policy Object Editor snap-in uses.If you enable this setting This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyMinTransferRate HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime HKLM\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTimeDC HKCU\Software\Policies\Microsoft\Windows\System!GroupPolicyRefreshTime This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured This policy setting allows you to create new Group Policy object links in the disabled state.If you enable this setting This policy setting lets you always use local ADM files for the Group Policy snap-in.By default This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}!LogLevel HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!NoSlowLink HKLM\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}!LogLevel This policy setting allows you to permit or prohibit use of Application snap-ins (Application preference item types). When prohibited This policy setting allows you to permit or prohibit use of the Applications preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Data Sources preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Environment preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Files preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Folders preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Folder Options preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Internet Settings preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Power Options preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Registry preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Scheduled Tasks preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Shortcuts preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Start Menu preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Preferences tab. When prohibited This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting This policy setting allows you to restrict programs from being run from online Help. If you enable this policy setting This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting This policy setting specifies whether active content links in trusted assistance content are rendered. By default This policy setting specifies whether users can provide ratings for Help content.If you enable this policy setting This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting HKCU\Software\Policies\Microsoft\InternetManagement!RestrictCommunication HKLM\Software\Policies\Microsoft\InternetManagement!RestrictCommunication This policy setting specifies whether to automatically update root certificates using the Windows Update website. Typically This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing This policy setting specifies whether to allow this client to download print driver packages over HTTP.To set up HTTP printing This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting!DoReport This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the tasks "Publish this file to the Web This policy setting specifies whether the tasks "Publish this file to the Web This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level "This policy setting prevents installation of Internet Information Services (IIS) on this computer. If you enable this policy setting HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{05589FA1-C356-11CE-BF01-00AA0055595A} Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features Designates Shockwave flash as an administrator approved control.If you enable this policy HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{9276B91A-E780-11d2-8A8D-00C04FA31D93} HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls!{275E2FE0-7486-11D0-89D6-00A0C90C9B67} Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy Designates NetShow File Transfer Control as an administrator approved control.If you enable this policy Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy Designates Microsoft Survey Control as an administrator approved control.If you enable this policy This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether Internet Explorer preemptively loads websites and content in the background This policy setting determines whether Internet Explorer preemptively loads websites and content in the background This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting This policy setting allows you to swipe left or right on Internet Explorer for the desktop.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting This policy setting allows you to configure how Internet Explorer sends the Do Not Track (DNT) header.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses HTTP 1.1 through proxy connections.If you enable this policy setting This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0 This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects This policy setting allows you to manage whether Internet Explorer will launch COM add-ons known as browser helper objects This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. When Internet Explorer is set to do this This policy setting allows you to manage whether software This policy setting allows you to manage whether software This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting This policy setting specifies whether you will accept requests from Web sites for Profile Assistant information.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting This policy setting shows the Content Advisor setting on the Content tab of the Internet Options dialog box.If you enable this policy setting This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.If you enable this policy setting This policy setting allows you to turn on your script debugger This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default This policy setting specifies whether smooth scrolling is used to display content at a predefined speed.If you enable this policy setting This policy setting specifies how you want links on webpages to be underlined.If you enable this policy setting This policy setting determines whether phone numbers are recognized and turned into hyperlinks This policy setting determines whether phone numbers are recognized and turned into hyperlinks HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions!MaxSubscriptionSize Prevents users from adding channels to Internet Explorer.Channels are Web sites that are updated automatically on your computer Prevents users from specifying that Web pages can be downloaded for viewing offline. When users make Web pages available for offline viewing Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing Disables existing schedules for downloading Web pages for offline viewing.When users make Web pages available for offline viewing Prevents content from being downloaded from Web sites that users have subscribed to.When users make Web pages available for offline viewing This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!NoDefaultTextSize Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Advanced tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Connections tab from the interface in the Internet Options dialog box.If you enable this policy Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Removes the General tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Privacy tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Programs tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy Removes the Security tab from the interface in the Internet Options dialog box.If you enable this policy This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting specifies whether to use 8-bit Unicode Transformation Format (UTF-8) This policy setting prevents the user from specifying the background color in Internet Explorer.If you enable this policy setting This policy setting prevents the user from specifying the text color in Internet Explorer.If you enable this policy setting This policy setting prevents the user from using Windows colors as a part of the display settings.If you enable this policy setting This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page This policy setting determines whether the Internet Connection Wizard was completed. If the Internet Connection Wizard was not completed HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!ListBox_Support_CLSID This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ADDON_MANAGEMENT HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_AllowedBehaviors This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_BEHAVIORS Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_HANDLING This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_SECURITYBAND Internet Explorer places zone restrictions on each Web page it opens Internet Explorer places zone restrictions on each Web page it opens HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_LOCALMACHINE_LOCKDOWN This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_MIME_SNIFFING The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_DISABLE_MK_PROTOCOL Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_PROTOCOL_LOCKDOWN This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_OBJECT_CACHING Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet Internet Explorer places restrictions on each Web page it opens. The restrictions are dependent upon the location of the Web page (Internet HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_ZONE_ELEVATION This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_ACTIVEXINSTALL This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_RESTRICT_FILEDOWNLOAD Internet Explorer allows scripts to programmatically open Internet Explorer allows scripts to programmatically open HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_FEATURE_WINDOW_RESTRICTIONS HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_3 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_1 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_0 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_4 HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols!ListBox_Support_2 This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting This policy setting allows you to manage the crash detection feature of add-on Management.If you enable this policy setting This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions This policy setting allows Internet Explorer to provide enhanced suggestions as the user types in the Address bar. To provide enhanced suggestions This policy setting turns off Automatic Crash Recovery.If you enable this policy setting This policy setting turns off Automatic Crash Recovery.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally This policy setting allows you to turn on or turn off the earlier menus (for example This policy setting allows you to turn on or turn off the earlier menus (for example This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Favorites bar in Internet Explorer.If you enable this policy setting Prevents users from changing settings on the Advanced tab in the Internet Options dialog box.If you enable this policy This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting This policy setting prevents the user from using the "Fix settings" functionality related to Security Settings Check.If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting allows the user to enable the SmartScreen Filter This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting Specifies that error messages will be displayed to users if problems occur with proxy scripts.If you enable this policy This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting HKLM\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus HKCU\Software\Policies\Microsoft\Internet Explorer\Main!AlwaysShowMenus This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser This policy settings disables the Import/Export Settings wizard. This wizard allows you to import settings from another browser This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting This policy setting prevents the user from zooming in to or out of a page to better see the content.If you enable this policy setting Prevents users from configuring unique identities by using Identity Manager.Identity Manager enables users to create multiple accounts This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions!No_LaunchMediaBar This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting This policy setting prevents the user from accessing Help in Internet Explorer.If you enable this policy setting This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available This policy setting prevents the Search box from appearing in Internet Explorer. When the Search box is available This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting This policy setting allows you to turn off suggestions for all user-installed search providers.If you enable this policy setting This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting This policy setting allows you to prevent the quick pick menu from appearing when a user clicks in the Search box.If you enable this policy setting Prevents Internet Explorer from automatically installing components.If you enable this policy This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting This policy setting allows you to specify what is displayed when the user opens a new tab.If you enable this policy setting This policy setting allows you to manage whether the user has access to Tab Grouping in Internet Explorer.If you enable this policy setting This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting This policy setting allows you to turn off the Quick Tabs functionality in Internet Explorer.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting Prevents the Internet Explorer splash screen from appearing when users start the browser.If you enable this policy This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting Prevents Internet Explorer from checking whether a new version of the browser is available.If you enable this policy This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow HKCU\Software\Policies\Microsoft\Internet Explorer\New Windows!ListBox_Support_Allow This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting Prevents users from changing the browser cache settings Prevents users from changing the default programs for managing schedules and contacts.If you enable this policy Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy Prevents Microsoft Internet Explorer from checking to see whether it is the default browser.If you enable this policy This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting Prevents users from changing the default Web page colors.If you enable this policy Prevents users from changing dial-up settings.If you enable this policy HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!Connection Settings Prevents users from running the Internet Connection Wizard.If you enable this policy Prevents users from changing font settings.If you enable this policy HKCU\Software\Policies\Microsoft\Internet Explorer\Main!Use FormSuggest HKCU\Software\Policies\Microsoft\Internet Explorer\Main!FormSuggest Passwords HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!History HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel!HomePage Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Prevents users from changing language preference settings.If you enable this policy Prevents users from changing the colors of links on Web pages.If you enable this policy Prevents users from changing the default programs for messaging tasks.If you enable this policy You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting You can allow pop-ups from specific websites by adding the sites to the exception list.If you enable this policy setting This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting This policy setting allows you to manage pop-up management functionality in Internet Explorer.If you enable this policy setting Prevents users from changing Profile Assistant settings.If you enable this policy This policy setting specifies if a user can change proxy settings.If you enable this policy setting This policy setting specifies if a user can change proxy settings.If you enable this policy setting Prevents users from changing ratings that help control the type of Internet content that can be viewed.If you enable this policy Prevents users from restoring default settings for home and search pages.If you enable this policy This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history This policy setting is used to manage temporary Internet files and cookies associated with your Internet browsing history This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting Disables using the F3 key to search in Internet Explorer and File Explorer.If you enable this policy Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.If you enable this policy Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).If you enable this policy setting This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting This policy setting allows you to configure how new tabs are created by default in Internet Explorer.If you enable this policy setting Applies proxy settings to all users of the same computer.If you enable this policy This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on This policy setting allows you to turn on the certificate address mismatch security warning. When this policy setting is turned on HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies!InternetZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template Policies!InternetZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies!IntranetZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template Policies!IntranetZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies!LocalMachineZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template Policies!LocalMachineZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies!RestrictedSitesZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template Policies!RestrictedSitesZoneTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies!TrustedSitesZoneLockdownTemplate HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template Policies!TrustedSitesZoneTemplate This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings!ListBox_Support_ZoneMapKey This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting This policy setting enables intranet mapping rules to be applied automatically if the computer belongs to a domain.If you enable this policy setting This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting allows you to manage whether the user can run scriptlets.If you enable this policy setting This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting determines whether scripted windows are automatically displayed.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to manage whether script is allowed to update the status bar within the zone.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting allows you to manage the loading of XAML Browser Applications (XBAPs). These are browser-hosted This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting determines whether a page can control embedded WebBrowser controls via script.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether script code on pages in the zone is run.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone.If you enable this policy This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. Such code is potentially harmful This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting specifies whether Internet Explorer renders legacy visual filters in this zone. If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether pages of the zone may download HTML fonts.If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage permissions for Java applets.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage settings for logon options.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting manages whether users will be automatically prompted for ActiveX control installations.If you enable this policy setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting determines whether Internet Explorer runs antimalware programs against ActiveX controls This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage ActiveX controls not marked as safe.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether applets are exposed to scripts within the zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage software channel permissions.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage the preservation of information in the browser's history This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage whether Web sites from less privileged zones This policy setting allows you to manage whether Web sites from less privileged zones This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users This policy setting makes hyperlinks change color when the mouse pointer pauses on them.If you enable this policy setting Prevents users from closing Microsoft Internet Explorer and File Explorer.If you enable this policy Prevents users from saving Web pages from the browser File menu to their hard disk or to a network share.If you enable this policy Prevents users from saving the complete contents that are displayed on or run from a Web page Prevents users from opening a new browser window from the File menu.If this policy is enabled Prevents users from opening a file or Web page from the File menu in Internet Explorer.If you enable this policy Prevents users from sending feedback to Microsoft by clicking the Send Feedback command on the Help menu.If you enable this policy Prevents users from displaying tips for users who are switching from Netscape.If you enable this policy Prevents users from viewing or changing the Tip of the Day interface in Microsoft Internet Explorer.If you enable this policy Prevents users from running the Internet Explorer Tour from the Help menu in Internet Explorer.If you enable this policy This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8 Prevents using the shortcut menu to open a link in a new browser window.If you enable this policy Prevents users from saving a program or file that Microsoft Internet Explorer has downloaded to the hard disk.If you enable this policy This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 This policy setting allows you to manage whether users can access the Print menu. Starting with Windows 8 Prevents users from opening the Internet Options dialog box from the Tools menu in Microsoft Internet Explorer.If you enable this policy Prevents users from displaying the browser in full-screen (kiosk) mode Prevents users from viewing the HTML source of Web pages by clicking the Source command on the View menu.If you enable this policy This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting This policy setting specifies whether graphical images are included when pages are displayed.Sometimes This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\0!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\1!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\2!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\3!DomainLimit HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence\4!DomainLimit This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting This policy setting controls whether to have background synchronization for feeds and Web Slices.If you enable this policy setting This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting This policy setting prevents the user from subscribing to or deleting a feed or a Web Slice.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_Prompt!(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl!ListBox_Support_Feature_Enable_Script_Paste_URLAction_If_Prompt This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting This policy setting specifies whether the user can conduct a search on the Address bar.If you enable this policy setting This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar This policy setting allows the user to run natively implemented This policy setting allows the user to run natively implemented This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn off the Data Execution Prevention feature for Internet Explorer on Windows Server 2008 This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether the user can access Developer Tools in Internet Explorer.If you enable this policy setting Prevents users from determining which toolbars are displayed in Microsoft Internet Explorer and File Explorer.If you enable this policy Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!SpecifyDefaultButtons This policy setting allows you to show or hide the Command bar.If you enable this policy setting This policy setting allows you to show or hide the Command bar.If you enable this policy setting This policy setting allows you to show or hide the status bar.If you enable this policy setting This policy setting allows you to show or hide the status bar.If you enable this policy setting This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting This policy setting allows you to lock or unlock the toolbars on the user interface.If you enable this policy setting This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting This policy setting allows you to lock the Stop and Refresh buttons next to the Back and Forward buttons.If you enable this policy setting This policy setting allows you to choose among three different labels for command buttons: show all text labels This policy setting allows you to choose among three different labels for command buttons: show all text labels This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting This policy setting allows you increase the size of icons for command buttons.If you enable this policy setting This policy setting allows you to manage where tabs are displayed.If you enable this policy setting This policy setting allows you to manage where tabs are displayed.If you enable this policy setting This policy setting prevents the user from specifying the update check interval. The default value is 30 days.If you enable this policy setting This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting This policy setting allows you to prevent the installation of ActiveX controls on a per-user basis.If you enable this policy setting This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting This policy setting allows you to specify how ActiveX controls are installed.If you enable this policy setting This policy setting controls the Suggested Sites feature This policy setting controls the Suggested Sites feature This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to add non-default Accelerators.If you enable this policy setting This policy setting allows you to add non-default Accelerators.If you enable this policy setting This policy setting allows you to add default Accelerators.If you enable this policy setting This policy setting allows you to add default Accelerators.If you enable this policy setting This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting This policy setting allows you to manage whether users can access Accelerators.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting controls the Compatibility View feature This policy setting controls the Compatibility View feature This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.If you enable this policy setting Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed This policy setting allows you to manage whether users can pin sites to locations where pinning is allowed This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting This policy setting sets data storage limits for indexed database and application caches for individual websites. When you set this policy setting This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting This policy setting allows websites to store indexed database cache information on client computers.If you enable this policy setting This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting This policy setting sets the data storage limit for all combined indexed databases for a user. When you set this policy setting This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting This policy setting allows websites to store file resources in application caches on client computers.If you enable this policy setting This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting This policy setting sets the file storage limit for all combined application caches for a user. When you set this policy setting This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting configures what Internet Explorer displays when a new browsing session is started. By default This policy setting configures what Internet Explorer displays when a new browsing session is started. By default This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting This policy setting configures Internet Explorer to open Internet Explorer tiles on the desktop.If you enable this policy setting This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide This policy setting allows you to choose how links are opened in Internet Explorer: Let Internet Explorer decide This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then do not allow the initiator iqn name to be changed. If disabled then the initiator iqn name may be changed. If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established. If enabled then do not allow the initiator CHAP secret to be changed. If disabled then the initiator CHAP secret may be changed. If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!UseForestSearch HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters!EnableTicketSizeThreshold HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!domain_realm_Enabled HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!MitRealms_Enabled This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters!UseForestSearch This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos!KdcProxyServer_Enabled HKLM\Software\Policies\Microsoft\Netlogon\Parameters!CompoundIdDisabled HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters!EnableMaxTokenSize This policy setting specifies whether a hash generation service generates hashes HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f}!ScenarioExecutionEnabled This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting forces the user to log on to the computer using the classic logon screen. By default This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting determines whether Group Policy processing is synchronous (that is This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting This policy setting allows you to hide the Switch User interface in the Logon UI This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos Prevents users from entering author mode.This setting prevents users from opening the Microsoft Management Console (MMC) in author mode Lets you selectively permit or prohibit the use of Microsoft Management Console (MMC) snap-ins.-- If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting Permits or prohibits use of this snap-in.If you enable this setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}!Restrict_Run HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}!Restrict_Run This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in. If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting permits or prohibits the use of this snap-in.If you enable this policy setting This policy setting turns off Windows Mobility Center.If you enable this policy setting This policy setting turns off Windows Mobility Center.If you enable this policy setting This policy setting turns off Windows presentation settings.If you enable this policy setting This policy setting turns off Windows presentation settings.If you enable this policy setting This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\Task Scheduler\Maintenance!Randomized This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}!DownloadToolsEnabled This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}!ScenarioExecutionEnabled This policy setting allows users to search for installation files during privileged installations.If you enable this policy setting This policy setting allows users to install programs from removable media during privileged installations.If you enable this policy setting This policy setting allows users to patch elevated products.If you enable this policy setting This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting This policy setting directs Windows Installer to use elevated permissions when it installs any program on the system.If you enable this policy setting This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting This policy setting controls the ability to turn off all patch optimizations.If you enable this policy setting This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting This policy setting prevents users from installing any programs from removable media.If you enable this policy setting This policy setting restricts the use of Windows Installer.If you enable this policy setting This policy setting prevents users from using Windows Installer to install patches.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users This policy setting allows you to configure user installs. To configure this policy setting This policy setting causes the Windows Installer to enforce strict rules for component upgrades.If you enable this policy setting This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Specifies the types of events that Windows Installer records in its transaction log for each installation. The log This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting This policy setting specifies the order in which Windows Installer searches for installation files.If you disable or do not configure this policy setting This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting This policy setting controls the ability to turn off shared components.If you enable this policy setting This policy setting controls the ability to prevent embedded UI.If you enable this policy setting This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator Specifies the string that appears for DirectAccess connectivity when the user clicks the Networking notification area icon. For example Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default Specifies commands configured by the administrator for custom logging. These commands will run in addition to default log commands. This policy setting enables you to specify the URL of the corporate website This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service This policy setting determines which DC Locator DNS records are not registered by the Net Logon service.If you enable this policy setting This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6 This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default Determines whether users can change the properties of a LAN connection.This setting determines whether the Properties menu item is enabled Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection This policy setting determines whether to require domain users to elevate when setting a network's location.If you enable this policy setting Specifies whether or not the "local access only" network icon will be shown.When enabled This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting allows you to select the TCP port that the Network Projector uses to send packets. If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting At least Windows Server 2003 operating systems Service Pack 1 This policy setting prevents users from making network files and folders available offline.If you enable this policy setting This policy setting prevents users from making network files and folders available offline.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting HKLM\Software\Policies\Microsoft\Windows\NetCache!SlowLinkEnabled HKLM\Software\Policies\Microsoft\Windows\NetCache!CacheQuotaLimit HKLM\Software\Policies\Microsoft\Windows\NetCache!BackgroundSyncEnabled This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting This setting turns off Microsoft Peer-to-Peer Networking Services in its entirety This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name HKLM\Software\policies\Microsoft\Peernet\Pnrp\IPv6-Global!SeedServer This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol This policy setting allows you to configure the Family Safety feature.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}!ScenarioExecutionEnabled This policy setting specifies whether BranchCache is enabled on client computers to which this policy is applied. In addition to this policy setting This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting Turns off Tablet PC Pen Training.If you enable this policy setting Turns off Tablet PC Pen Training.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B}!ScenarioExecutionEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the Start menu Power button.If you enable this policy setting This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting This policy setting specifies the period of inactivity before Windows turns off the hard disk.If you enable this policy setting This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg This policy setting specifies the active power plan from a list of default Windows power plans. To specify a custom power plan This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting This policy setting allows you to turn off hybrid sleep.If you enable this policy setting This policy setting allows you to turn on the ability for applications and services to prevent the system from sleeping.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.If you enable this policy setting This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.If you enable this policy setting This policy setting allows you to turn off hybrid sleep.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows turns off the display.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting This policy setting allows you to manage automatic sleep with open network files.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting This policy setting allows you to specify if Windows should enable the desktop background slideshow.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting This policy setting allows applications and services to prevent automatic sleep.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the reserve power mode.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts HKCU\Software\Policies\Microsoft\Windows\PowerShell!EnableScripts HKLM\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKCU\Software\Policies\Microsoft\Windows\PowerShell\ModuleLogging!EnableModuleLogging HKLM\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath HKCU\Software\Policies\Microsoft\Windows\PowerShell\UpdatableHelp!EnableUpdateHelpDefaultSourcePath This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Internet printing lets you display printers on Web pages so that printers can be viewed HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!DomainDisplayPrinters_State Allows users to use the Add Printer Wizard to search the network for shared printers.If you enable this setting or do not configure it Prevents users from using familiar methods to add local and network printers. If this policy setting is enabled HKLM\Software\Policies\Microsoft\Windows NT\Printers\Wizard!NonDomainDisplayPrinters_State This policy restricts clients computers to use package point and print only.If this setting is enabled HKCU\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList This policy restricts clients computers to use package point and print only.If this setting is enabled HKLM\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint!PackagePointAndPrintServerList Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting HKCU\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted HKLM\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint!Restricted Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting Announces the presence of shared printers to print browse master servers for the domain.On domains with Active Directory This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process This policy setting allows you to manage where client computers search for Point and Printer drivers.If you enable this policy setting This policy controls whether the print spooler will accept client connections.When the policy is unconfigured Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Sets the priority of the pruning thread. The pruning thread Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt Determines whether the computer's shared printers can be published in Active Directory. If you enable this setting or do not configure it Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default Determines whether the domain controller can prune (delete from Active Directory) the printers published by this computer. By default This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall This setting prevents users from accessing "Programs and Features" to view This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured This setting removes the Set Program Access and Defaults page from the Programs Control Panel. As a result This setting prevents users from access the "Get new programs from Windows Marketplace" task from the Programs Control Panel in Category View Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View This setting prevents users from accessing the "Turn Windows features on or off" task from the Programs Control Panel in Category View This policy setting allows an administrator to turn on extensive logging for Password Synchronization.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\PswdSync!MaxRetries_state This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\PswdSync!UpdateRetryInterval_state Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies the maximum number of outstanding packets permitted on the system. When the number of outstanding packets reaches this limit Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867}!ScenarioExecutionEnabled Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting HKLM\Software\Policies\Microsoft\Windows NT\Reliability!TimeStampEnabled This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows NT\Reliability!ShutdownReasonOn This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseBandwidthOptimization HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!UseCustomMessages HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowToGetHelp HKLM\Software\policies\Microsoft\Windows NT\Terminal Services!fAllowUnsolicited HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices!RebootTimeinSeconds_state This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies read access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies write access to the CD and DVD removable storage class.If you enable this policy setting This policy setting denies execute access to the CD and DVD removable storage class.If you enable this policy setting HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Read!Deny_Read HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_Write!Deny_Write This policy setting denies read access to the Floppy Drives removable storage class This policy setting denies read access to the Floppy Drives removable storage class This policy setting denies write access to the Floppy Drives removable storage class This policy setting denies write access to the Floppy Drives removable storage class This policy setting denies execute access to the Floppy Drives removable storage class This policy setting denies read access to removable disks.If you enable this policy setting This policy setting denies read access to removable disks.If you enable this policy setting This policy setting denies write access to removable disks.If you enable this policy setting This policy setting denies write access to removable disks.If you enable this policy setting This policy setting denies execute access to removable disks.If you enable this policy setting Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies read access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies write access to the Tape Drive removable storage class.If you enable this policy setting This policy setting denies execute access to the Tape Drive removable storage class.If you enable this policy setting HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Read HKCU\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write HKLM\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}!Deny_Write This policy setting grants normal users direct access to removable storage devices in remote sessions.If you enable this policy setting This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting HKLM\Software\Policies\Microsoft\Windows NT\Rpc!ExtErrorInformation This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting This policy setting determines whether the RPC Runtime maintains RPC state information for the system This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default This policy setting allows user logon scripts to run when the logon cross-forest This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states HKLM\SOFTWARE\Policies\Microsoft\Windows\ScheduledDiagnostics!EnabledExecution Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured This policy setting determines when Windows uses automatic language detection results This policy setting disables indexing of removable drives. This policy setting allows you to control whether or not Search can perform queries on the web This policy setting allows you to control whether or not Search can perform queries on the web over metered connections HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchPrivacy HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ConnectedSearchSafeSearch This policy setting configures how Windows Search adds shared folders to the search index.If you enable this policy setting Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!EnableThrottlingOnlineMailboxes Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search!ExcludedExtensionsMultiline0 This policy setting prevents search queries from being stored in the registry. If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search\OCR!SelectOCRLangs This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on This policy setting turns off the sensor feature for this computer. If you enable this policy setting This policy setting turns off the sensor feature for this computer. If you enable this policy setting This policy setting turns off the location feature for this computer. If you enable this policy setting This policy setting turns off the location feature for this computer. If you enable this policy setting This policy setting turns off scripting for the location feature. If you enable this policy setting This policy setting turns off scripting for the location feature. If you enable this policy setting This policy setting allows you to turn off the automatic display of Server Manager at logon.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\Server\ServerManager!RefreshIntervalEnabled This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting This policy setting allows you to turn off the automatic display of the Manage Your Server page. If you enable this policy setting HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Servicing HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableApplicationSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableCredentialsSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisablePersonalizationSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableAppSyncSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWindowsSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableDesktopThemeSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableWebBrowserSettingSync HKLM\Software\Policies\Microsoft\Windows\SettingSync!DisableStartLayoutSettingSync Specifies an alternate location for Windows Service Pack installation files.If you enable this policy setting Specifies an alternate location for Windows installation files.If you enable this policy setting Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting This policy setting specifies whether users can add computers to a homegroup. By default This policy setting prevents users from running the interactive command prompt Disables the Windows registry editor Regedit.exe.If you enable this policy setting and the user tries to start Regedit.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!RestrictRun HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisallowRun This policy setting prevents the display of the Welcome Center at user logon.If you enable this policy setting This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting This policy settings lets you configure if all your valid logon certificates are displayed.During the certificate renewal period This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting allows you to manage the displayed message when a smart card is blocked.If you enable this policy setting This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example This policy setting prevents plaintext PINs from being returned by Credential Manager. If you enable this policy setting This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain This policy setting allows you to control whether Smart Card Plug and Play is enabled.If you enable or do not configure this policy setting This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\Server for NIS!PushInterval_state This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows\ADR\AccessDenied!Enabled If you enable this policy the start menu search box will not search for internet history or favorites.If you disable or do not configure this policy This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar.If you enable this policy setting Clear history of recently opened documents on exit.If you enable this setting Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area This policy setting allows you to prevent users from changing their Start screen layout.If you enable this setting HKLM\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled HKCU\Software\Policies\Microsoft\Windows\Explorer!StartPinAppsWhenInstalled HKLM\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout HKCU\Software\Policies\Microsoft\Windows\Explorer!LockedStartLayout Removes items in the All Users profile from the Programs menu on the Start menu.By default This policy setting allows you to remove the Search link from the Start menu This policy setting allows you to remove the All Programs list from the Start menu.If you enable this policy setting Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting This policy setting prevents the system from using NTFS tracking features to resolve a shortcut.If you enable this policy setting Allows you to remove the Run command from the Start menu This policy setting allows you to remove programs on Settings menu.If you enable this policy setting This policy setting allows you to prevent changes to Taskbar and Start Menu Settings.If you enable this policy setting This policy setting allows you to remove the Default Programs link from the Start menu.If you enable this policy setting Prevents the clock in the system notification area from being displayed.If you enable this setting This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting This setting affects the taskbar.The taskbar includes the Start button This policy setting allows you to remove access to the context menus for the taskbar.If you enable this policy setting This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting This policy setting allows you to remove links and access to Windows Update.If you enable this policy setting This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result This policy setting allows you to remove the Downloads link from the Start Menu.If you enable this policy setting This policy setting allows you to remove the Recorded TV link from the Start Menu.If you enable this policy setting This policy setting allows you to remove the Videos link from the Start Menu.If you enable this policy setting Set the default action of the power button on the Start menu.If you enable this setting Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users Allows you to disable System Restore.This policy setting allows you to turn off System Restore.System Restore enables users HKCU\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState HKLM\software\policies\microsoft\TabletTip\1.7!PasswordSecurityState Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents start of InkBall game.If you enable this policy Prevents start of InkBall game.If you enable this policy Prevents start of Windows Journal.If you enable this policy Prevents start of Windows Journal.If you enable this policy Prevents printing to Journal Note Writer.If you enable this policy Prevents printing to Journal Note Writer.If you enable this policy Prevents the snipping tool from running.If you enable this policy setting Prevents the snipping tool from running.If you enable this policy setting Removes the Back->ESC mapping that normally occurs when menus are visible Removes the Back->ESC mapping that normally occurs when menus are visible Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Prevents the user from launching an application from a Tablet PC hardware button.If you enable this policy Prevents press and hold actions on hardware buttons Prevents press and hold actions on hardware buttons Turns off Tablet PC hardware buttons.If you enable this policy Turns off Tablet PC hardware buttons.If you enable this policy This policy setting allows you to remove the battery meter from the system control area.If you enable this policy setting This policy setting allows you to remove the networking icon from the system control area.If you enable this policy setting This policy setting allows you to remove the volume control icon from the system control area.If you enable this policy setting This policy setting allows you to remove the Action Center from the system control area.If you enable this policy setting This policy setting allows you to lock all taskbar settings.If you enable this policy setting This policy setting allows you to prevent users from adding or removing toolbars.If you enable this policy setting This policy setting allows you to prevent users from rearranging toolbars.If you enable this policy setting This policy setting allows you to turn off all notification balloons.If you enable this policy setting This policy setting allows you to prevent users from moving taskbar to another screen dock location.If you enable this policy setting This policy setting allows you to prevent users from resizing the taskbar.If you enable this policy setting This policy setting allows you to turn off taskbar thumbnails.If you enable this policy setting This policy setting allows you to remove pinned programs from the taskbar.If you enable this policy setting This policy setting allows you to turn off automatic promotion of notification icons to the taskbar.If you enable this policy setting This policy setting allows you to turn off feature advertisement balloon notifications.If you enable this policy setting This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files This policy setting allows you to control pinning programs to the Taskbar.If you enable this policy setting This policy setting allows you to control pinning items in Jump Lists.If you enable this policy setting This policy setting allows you to configure Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting This policy setting allows you to configure 6to4 This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to configure Teredo This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting This policy setting allows you to configure the Teredo refresh rate.Note: On a periodic basis (by default This policy setting allows you to select the UDP port the Teredo client will use to send packets. If you leave the default of 0 This policy setting allows you to set Teredo to be ready to communicate HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface!IPHTTPS_ClientState This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting This policy setting allows you to configure IP Stateless Autoconfiguration Limits.If you enable or do not configure this policy setting This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP!EnableVirtualIP This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!UseProxy HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!AllowExplicitProxyName Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance This policy setting allows you to configure remote access to computers by using Remote Desktop Services.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxXResolution Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!KeepAliveEnable This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default This policy setting allows you to enable RemoteApp programs to use advanced graphics This policy setting allows you to restrict users to a single Remote Desktop Services session.If you enable this policy setting HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fInheritInitialProgram HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!InitialProgram This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!WFHomeDirUNC This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles.By default This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteRoamingUserProfile This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).By default This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default This policy setting allows you to control the redirection of supported Plug and Play devices This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fPolicyFallbackPrintDriver This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.If you enable this policy setting This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use.By default This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\!VGOptimization_CaptureFrameRate HKLM\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands!Enabled This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureDuration HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureIndividualThreshold HKLM\Software\Policies\Microsoft\Tpm!StandardUserAuthorizationFailureTotalThreshold This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link This policy setting provides users with the ability to download their roaming profile This policy setting lets you exclude folders that are normally included in the user's profile. As a result This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System!EnableProfileQuota This setting determines if roaming user profiles are available on a particular computer. By default This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading This policy setting determines if the changes a user makes to their roaming profile are merged with the server copy of their profile.By default This policy setting directs the system to wait for the remote copy of the roaming user profile to load HKLM\Software\Policies\Microsoft\Windows\System!UserProfileMinTransferRate This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection This policy setting controls whether Windows forcefully unloads the user's registry at logoff This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting HKLM\Software\Policies\Microsoft\Windows\System!UploadHiveMethod HKLM\Software\Policies\Microsoft\Windows\System!HomeDirLocation This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters This policy setting allows you to configure whether or not standard users are allowed to change BitLocker volume PINs This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_BIOS!Enabled HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI!Enabled This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting This policy setting allows users to turn on authentication options that require user input from the pre-boot environment This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting HKLM\System\CurrentControlSet\Policies\Microsoft\FVE!RDVDenyWriteAccess HKLM\Software\Policies\Microsoft\W32Time\Config!FrequencyCorrectRate HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting This policy setting allows you to specify whether the Windows NTP Server is enabled.If you enable this policy setting for the Windows NTP Server HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!DataRetentionBySizeEnabled HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI!ScenarioExecutionEnabled Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to locally attached storage or not.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to a network share or not.If you enable this policy setting This policy setting allows you to manage whether backups of a machine can run to an optical media or not.If you enable this policy setting This policy setting allows you to manage whether run-once backups of a machine can be run or not.If you enable this policy setting This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting This policy setting affects the ability of users to install or uninstall color profiles.If you enable this policy setting This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting This policy setting prohibits access to Windows Connect Now (WCN) wizards. If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars!EnableRegistrars This policy setting allows you to manage whether spyware definitions are used during a scan.If you enable or do not configure this setting This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting HKLM\Software\Policies\Microsoft\Windows Defender!ProxyBypass HKLM\Software\Policies\Microsoft\Windows Defender!ProxyServer HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Extensions HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Paths HKLM\Software\Policies\Microsoft\Windows Defender\Exclusions!Exclusions_Processes HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS!ThrottleDetectionEventsRate HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\IP Ranges!Nis_Consumers_IPS_Exclusions_Ip_Ranges_Ip_Range HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Ports!Nis_Consumers_IPS_Exclusions_Ports_Port_Number HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Processes!Nis_Consumers_IPS_Exclusions_Processes_executable_Path_and_Name HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\Exclusions\Threat IDs!Nis_Consumers_IPS_Exclusions_Threat_Ids_Threat_Id HKLM\Software\Policies\Microsoft\Windows Defender\NIS\Consumers\IPS\SKU Differentiation!Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid HKLM\Software\Policies\Microsoft\Windows Defender\Quarantine!PurgeItemsAfterDelay This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!IOAVMaxSize HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection!RealtimeScanDirection HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Remediation!Scan_ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!AdditionalActionTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!CriticalFailureTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!NonCriticalTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!RecentlyCleanedTimeout HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingComponents HKLM\Software\Policies\Microsoft\Windows Defender\Reporting!WppTracingLevel HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxDepth HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ArchiveMaxSize HKLM\Software\Policies\Microsoft\Windows Defender\Scan!AvgCPULoadFactor This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate" HKLM\Software\Policies\Microsoft\Windows Defender\Scan!PurgeItemsAfterDelay HKLM\Software\Policies\Microsoft\Windows Defender\Scan!QuickScanInterval HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScanParameters HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleQuickScanTime HKLM\Software\Policies\Microsoft\Windows Defender\Scan!ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ASSignatureDue HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!AVSignatureDue HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!DefinitionUpdateFileSharesSources HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!FallbackOrder HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleDay HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!ScheduleTime HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateCatchupInterval HKLM\Software\Policies\Microsoft\Windows Defender\Signature Updates!SignatureUpdateInterval HKLM\Software\Policies\Microsoft\Windows Defender\Spynet!SpynetReporting HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatIdDefaultAction HKLM\Software\Policies\Microsoft\Windows Defender\Threats!Threats_ThreatSeverityDefaultAction HKLM\Software\Policies\Microsoft\Windows Defender\UX Configuration!CustomDefaultActionToastString Hide the Back button in the Open dialog box.This policy setting lets you remove new features added in Microsoft Windows 2000 Professional Removes the list of most recently used files from the Open dialog box.If you disable this setting or do not configure it Removes the shortcut bar from the Open dialog box.This setting HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\comdlg32\Placesbar!Place0 Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin.If you enable this setting This setting is designed to ensure that shell extensions can operate on a per-user basis. If you enable this setting This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path This policy setting allows you to turn off caching of thumbnail pictures.If you enable this policy setting This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting This policy setting allows you to remove the DFS tab from File Explorer.If you enable this policy setting This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open Removes the Hardware tab.This setting removes the Hardware tab from Mouse Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc) This policy setting allows you to remove the Shared Documents folder from My Computer.When a Windows client is in a workgroup Prevents users from using File Explorer or Network Locations to map or disconnect network drives.If you enable this setting When a file or folder is deleted in File Explorer Removes the Security tab from File Explorer.If you enable this setting Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item.If you enable this setting Prevents users from using My Computer to gain access to the content of selected drives.If you enable this setting Turn off Windows+X hotkeys.Keyboards with a Windows key provide users with shortcuts to common shell features. For example This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedOpenSearch HKCU\Software\Policies\Microsoft\Windows\Explorer!TryHarderPinnedLibrary This policy setting allows you to prevent data loss when you change the target location for Folder Redirection HKCU\Software\Policies\Microsoft\Windows\Explorer!DisableKnownFolders This policy setting allows you to turn off the display of snippets in Content view mode.If you enable this policy setting This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. If you enable this policy Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) HKLM\Software\Policies\Microsoft\Windows\System!EnableSmartScreen HKLM\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized HKCU\Software\Policies\Microsoft\Windows\Explorer!ExplorerRibbonStartsMinimized Allows unsolicited incoming messages from specified systems that authenticate using the IPsec transport.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications!Enabled Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Turns on Windows Firewall.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings!AllowOutboundDestinationUnreachable HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging!LogDroppedPackets Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts!Enabled Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop!Enabled Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Turns on Windows Firewall.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings!AllowOutboundDestinationUnreachable HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging!LogDroppedPackets Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop!Enabled Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages.If you enable this policy setting HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\UPnPFramework!Enabled Denies or allows access to the Windows Mail application.If you enable this setting Denies or allows access to the Windows Mail application.If you enable this setting Windows Mail will not check your newsgroup servers for Communities support. Windows Mail will not check your newsgroup servers for Communities support. Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).When enabled This policy setting allows you to turn off do not show first use dialog boxes.If you enable this policy setting This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting This policy setting allows you to prevent video smoothing from occurring.If you enable this policy setting This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting This policy setting allows you to prevent media sharing from Windows Media Player.If you enable this policy setting This policy setting allows you to prevent media information for music files from being retrieved from the Internet.If you enable this policy setting This policy setting allows you to prevent a shortcut for the Player from being added to the Quick Launch bar.If you enable this policy setting This policy setting allows you to prevent a shortcut icon for the Player from being added to the user's desktop.If you enable this policy setting This policy setting allows a screen saver to interrupt playback.If you enable this policy setting This policy setting allows you to prevent Windows Media Player from downloading codecs.If you enable this policy setting This policy setting allows you to hide the Privacy tab in Windows Media Player.If you enable this policy setting This policy setting allows you to hide the Security tab in Windows Media Player.If you enable this policy setting HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!SetAndLockSkin HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\HTTP!ProxyPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\MMS!ProxyPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols\RTSP!ProxyPolicy This policy setting allows you to hide the Network tab.If you enable this policy setting HKCU\Software\Policies\Microsoft\WindowsMediaPlayer!NetworkBufferingPolicy HKCU\Software\Policies\Microsoft\WindowsMediaPlayer\Protocols!WindowsMediaStreamingProtocols This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting This policy setting prevents Windows Messenger from automatically running at logon. If you enable this policy setting This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting This policy setting allows you to prevent Windows Messenger from running.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting HKLM\Software\Policies\Microsoft\Windows\WinRM\Client!TrustedHosts HKLM\Software\Policies\Microsoft\Windows\WinRM\Service!AllowAutoConfig HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate!DisableWindowsUpdateAccess HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!NoAutoUpdate HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!UseWUServer HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!DetectionFrequencyEnabled This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled Specifies that to complete a scheduled installation When Windows Update requires a restart to finish installing updates HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootRelaunchTimeoutEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RebootWarningTimeoutEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU!RescheduleWaitTimeEnabled HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate!TargetGroupEnabled At least Windows Server 2003 operating systems or Windows XP Professional with SP1 This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level This policy controls whether the logged on user should be notified when his logon hours are about to expire. By default This policy controls which action will be taken when the logon hours expire for the logged on user. The actions include lock the workstation This policy setting controls whether or not software can simulate the Secure Attention Sequence (SAS).If you enable this policy setting Specifies whether to prevent the MS-DOS subsystem (ntvdm.exe) from running on this computer. This setting affects the launching of 16-bit applications in the operating system.You can use this setting to turn off the MS-DOS subsystem This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes This policy setting controls the state of the Program Compatibility Assistant (PCA). The PCA monitors applications run by the user. When a potential compatibility issue with an application is detected This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input This policy setting allows you to configure the logic that Windows uses to determine the risk for file attachments.Preferring the file handler instructs Windows to use the file handler data over the file type data. For example This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting This policy setting allows you to configure the list of high-risk file types. If the file attachment is in the list of high-risk file types and is from the restricted zone This policy setting allows you to configure the list of moderate-risk file types. If the attachment is in the list of moderate-risk file types and is from the restricted or Internet zone This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting sets the default behavior for Autorun commands. Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines. Prior to Windows Vista This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to prevent AutoPlay from remembering user's choice of what to do when a device is connected. If you enable this policy setting This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting allows you to turn off the Autoplay feature. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result This policy setting allows or prevents the Windows Biometric Service to run on this computer. If you enable or do not configure this policy setting This policy setting determines whether users with a domain account can log on or elevate User Account Control (UAC) permissions using biometrics.By default This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). To prevent any negative impact to a computer caused by serving other peers This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server. This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs This policy setting directs the system to search Active Directory for missing Component Object Model (COM) components that a program requires.Many Windows programs Prevents users from allowing others in a conference to control what they have shared. This enforces a read-only mode; the other participants cannot change the data in the shared application. Disables full duplex mode audio. Users will not be able to listen to incoming audio while speaking into the microphone. Older audio hardware does not perform well when in full duplex mode. Limits the bandwidth audio and video will consume when in a conference. This setting will guide NetMeeting to choose the right formats and send rate so that the bandwidth is limited. Disables the 2.x whiteboard feature of NetMeeting.The 2.x whiteboard is available for compatibility with older versions of NetMeeting only.Deployers who do not need it can save bandwidth by disabling it. Prevents users from turning on automatic acceptance of incoming calls.This ensures that others cannot call and connect to NetMeeting when the user is not present.This policy is recommended when deploying NetMeeting to run always. Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." Disables the Advanced Calling button on the General Options page. Users will not then be able to change the call placement method and the servers used. Prevents the Screen Saver dialog from opening in the Personalization or Display Control Panel. This setting prevents users from using Control Panel to add This setting allows you to force a specific visual style file by entering the path (location) of the visual style file.This can be a local computer visual style (aero.msstyles) This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example This policy setting prevents users from starting Task Manager.Task Manager (taskmgr.exe) lets users start and stop programs; monitor the performance of their computers; view and monitor all programs running on their computers Allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.If you enable this policy setting Displays the filter bar above the results of an Active Directory search. The filter bar consists of buttons for applying additional filters to search results.If you enable this setting Hides the Active Directory folder in Network Locations.The Active Directory folder displays Active Directory objects in a browse window.If you enable this setting Specifies the maximum number of objects the system displays in response to a command to browse or search Active Directory. This setting affects all browse displays associated with Active Directory Removes the Internet Explorer icon from the desktop and from the Quick Launch bar on the taskbar.This setting does not prevent the user from starting Internet Explorer by using other methods. Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting This policy setting allows you to configure the number of seconds Windows waits for a device installation task to complete. If you enable this policy setting This policy setting allows you to prevent Windows from creating a system restore point during device activity that would normally prompt Windows to create a system restore point. Windows normally creates restore points for certain driver activity This policy setting allows you to prevent Windows from installing removable devices. A device is considered removable when the driver for the device to which it is connected indicates that the device is removable. For example This policy setting allows you to prevent the installation of devices that are not specifically described by any other policy setting.If you enable this policy setting This policy setting allows you to display a custom message title in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting This policy setting allows you to display a custom message to users in a notification when a device installation is attempted and a policy setting prevents the installation.If you enable this policy setting Windows has a feature that sends "generic-driver-installed" reports through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting Windows has a feature that allows a device driver to request additional software through the Windows Error Reporting infrastructure. This policy allows you to disable the feature.If you enable this policy setting This policy setting allows you to configure how often a Distributed File System (DFS) client attempts to discover domain controllers on a network. By default Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. If you enable this policy setting This policy setting turns off all support for the non-volatile (NV) cache on all hybrid hard disks in the system. To check if you have hybrid hard disks in the system This policy setting determines whether the system records an event in the Application log when users reach their disk quota warning level on a volume.If you enable this policy setting This policy setting extends the disk quota policies in this folder to NTFS file system volumes on removable media.If you disable or do not configure this policy setting Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP. To use this policy setting Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.If you enable this policy setting Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.To specify the TTL Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting This policy setting locks Enhanced Storage devices when the computer is locked.This policy setting is supported in Windows Server SKUs only.If you enable this policy setting This policy setting configures whether or not non-Enhanced Storage removable devices are allowed on your computer.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether Windows Error Reporting saves its own events and error messages to the system event log.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.If you enable this policy setting This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products This policy setting controls whether memory dumps in support of OS-generated error reports can be sent to Microsoft automatically. This policy does not apply to error reports generated by 3rd-party products This policy setting controls Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting specifies applications for which Windows Error Reporting should always report errors.To create a list of applications for which Windows Error Reporting never reports errors This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting limits Windows Error Reporting behavior for errors in general applications when Windows Error Reporting is turned on.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting determines the behavior of the Configure Default Consent setting in relation to custom consent settings.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string. You cannot configure write permissions for this log.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size and takes effect only if the "Retain old events" policy setting is enabled.If you enable this policy setting and the "Retain old events" policy setting is enabled This policy setting specifies to use the security descriptor for the log using the Security Descriptor Definition Language (SDDL) string.If you enable this policy setting This policy setting controls Event Log behavior when the log file reaches its maximum size.If you enable this policy setting and a log file reaches its maximum size This policy setting controls the location of the log file. The location of the file must be writable by the Event Log service and should only be accessible to administrators.If you enable this policy setting This is the URL that will be passed to the Description area in the Event Properties dialog box. Change this value if you want to use a different Web server to handle event information requests. This policy setting allows administrators to prevent users from adding new items such as files or folders to the root of their Users Files folder in File Explorer.If you enable this policy setting This policy is similar to settings directly available to computer users. Disabling animations can improve usability for users with some visual disabilities as well as improving performance and battery life in some scenarios. Compression can add to the processing overhead of filesystem operations. Enabling this setting will prevent access to and creation of compressed files. These settings provide control over whether or not short names are generated during file creation. Some applications require short names for compatibility Tracks the last play time of games in the Games folder.If you enable this setting the last played time of games will not be recorded in Games folder. This setting only affects the Games folder. If you disable or do not configure this setting This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting prevents the user from customizing their locale by changing their user overrides.Any existing overrides in place when this policy is enabled will be frozen. To remove existing user overrides This policy setting removes the Administrative options from the Region settings control panel. Administrative options include interfaces for setting system locale and copying settings to the default user. This policy setting does not This policy setting removes the option to change the user's geographical location (GeoID) from the Region settings control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting removes the regional formats interface from the Region settings control panel.This policy setting is used only to simplify the Regional and Language Options control panel.If you enable this policy setting This policy setting restricts the Windows UI language for all users.This is a policy setting for computers with more than one UI language installed.If you enable this policy setting This policy setting restricts the Windows UI language for specific users.This policy setting applies to computers with more than one UI language installed.If you enable this policy setting This policy setting restricts users to the specified language by disabling the menus and dialog box controls in the Region settings control panel. If the specified language is not installed on the target computer This policy setting determines how programs interpret two-digit years.This policy setting affects only the programs that use this Windows feature to interpret two-digit years. If a program does not interpret two-digit years correctly This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default This policy setting specifies how long Group Policy should wait for network availability notifications during startup policy processing. If the startup policy processing is synchronous This policy setting prevents administrators from viewing or using Group Policy preferences.A Group Policy administration (.adm) file can contain both true settings and preferences. True settings This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied This policy setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Local Users and Groups preference extension. When a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to restrict certain HTML Help commands to function only in HTML Help (.chm) files within specified folders and their subfolders. Alternatively This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting This policy setting specifies whether users can search and view content from Windows Online in Help and Support. Windows Online provides the most up-to-date Help content for Windows.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether "Events.asp" hyperlinks are available for events within the Event Viewer application.The Event Viewer normally makes all HTTP(S) URLs into hyperlinks that activate the Internet browser when clicked. In addition This policy setting specifies whether to show the "Did you know?" section of Help and Support Center.This content is dynamically updated when users who are connected to the Internet open Help and Support Center This policy setting specifies whether users can perform a Microsoft Knowledge Base search from the Help and Support Center.The Knowledge Base is an online source of technical support information and self-help tools for Microsoft products This policy setting specifies whether the Internet Connection Wizard can connect to Microsoft to download a list of Internet Service Providers (ISPs).If you enable this policy setting This policy setting specifies whether the Windows Registration Wizard connects to Microsoft.com for online registration.If you enable this policy setting This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.When users search the local computer or the Internet This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting specifies whether Windows Messenger collects anonymous information about how Windows Messenger software and service is used.With the Customer Experience Improvement program This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level Designates the Microsoft Network (MSN) Carpoint automatic pricing control as administrator-approved.This control enables enhanced pricing functionality on the Carpoint Web site This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy Designates the Microsoft Chat ActiveX control as administrator-approved.This control is used by Web authors to build text-based and graphical-based Chat communities for real-time conversations on the Web.If you enable this policy Designates a set of MSNBC controls as administrator-approved.These controls enable enhanced browsing of news reports on the MSNBC Web site.If you enable this policy Designates Microsoft Scriptlet Component as an administrator approved control. It is an Active X control which is used to render HTML pages.If you enable this policy This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether users receive a dialog requesting permission for active content on a CD to run.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. Certificates are revoked when they have been compromised or are no longer valid This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting prevents the text on the screen from being rendered through the ClearType technology that enhances the readability of text on LCD displays.If you enable this policy setting This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality This policy setting allows you to turn Caret Browsing on or off. Caret Browsing allows users to browse to a webpage by using the keyboard to move the cursor. Caret Browsing supports standard text-editor functionality Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8 This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting determines whether Internet Explorer uses the SPDY/3 network protocol. SPDY/3 works with HTTP requests to optimize the latency of network requests through compression This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting prevents the user from using the Reset Internet Explorer Settings feature. Reset Internet Explorer Settings allows the user to reset all settings changed since installation This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can automatically download and install Web components (such as fonts) that can installed by Internet Explorer Active Setup. For example This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer will save encrypted pages that contain secure (HTTPS) information such as passwords and credit card numbers to the Internet Explorer cache This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting allows you to manage whether Internet Explorer deletes the contents of the Temporary Internet Files folder after all browser windows are closed. This protects against storing dangerous files on the computer This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting This policy setting let you turn off Inline AutoComplete in File Explorer. Inline AutoComplete provides suggestions for what you type by automatically completing the command inline with the closest match. By default This policy setting specifies whether to display script errors when a page does not appear properly because of problems with its scripting. This feature is off by default Prevents channel providers from recording information about when their channel pages are viewed by users who are working offline.If you enable this policy Prevents users from viewing the Channel bar interface. Channels are Web sites that are automatically updated on their computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from editing an existing schedule for downloading Web pages for offline viewing.When users make Web pages available for offline viewing Prevents users from disabling channel synchronization in Microsoft Internet Explorer.Channels are Web sites that are automatically updated on your computer according to a schedule specified by the channel provider.If you enable this policy Prevents users from clearing the preconfigured settings for Web pages to be downloaded for offline viewing.When users make Web pages available for offline viewing This policy setting prevents the user from specifying the code download path for each computer. The Internet Component Download service exposes a function that is called by an application to download This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer uses 8-bit Unicode Transformation Format (UTF-8) for mailto links.If you enable this policy setting This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting prevents the user from ignoring Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate errors that interrupt browsing (such as "expired" This policy setting prevents the user from specifying a URL that contains update information about cipher strength. When the user logs on to a secure page This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to ensure that any Internet Explorer add-ons not listed in the 'Add-on List' policy setting are denied. Add-ons in this case are controls like ActiveX Controls This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default This policy setting allows you to manage whether processes respect add-on management user preferences (as reflected by Add-on Manager) or policy settings. By default This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default This policy setting allows you to manage whether Internet Explorer 9 can install ActiveX controls and other binaries signed with MD2 and MD4 signing technologies. Internet Explorer 9 does not support MD2 and MD4 signing technologies by default Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default This policy setting allows you to manage whether the Notification bar is displayed for processes other than the Internet Explorer processes when file or code installs are restricted. By default This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting This policy setting determines whether Internet Explorer MIME sniffing will prevent promotion of a file of one type to a more dangerous file type.If you enable this policy setting The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting The MK Protocol Security Restriction policy setting reduces attack surface area by preventing the MK protocol. Resources hosted on the MK protocol will fail.If you enable this policy setting Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting This policy setting defines whether a reference to an object is accessible when the user navigates within the same domain or to a new domain.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of ActiveX control installation.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting This policy setting enables applications hosting the Web Browser Control to block automatic prompting of file downloads that are not user initiated.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether a user has access to the Reopen Last Browsing Session feature in Internet Explorer.If you enable this policy setting This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.If you enable this policy setting This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting This policy setting allows you to customize the Internet Explorer version string as reported to web servers in the HTTP User Agent header.If you enable this policy setting Specifies that Automatic Detection will be used to configure dial-up settings for users.Automatic Detection uses a DHCP (Dynamic Host Configuration Protocol) or DNS server to customize the browser the first time it is started.If you enable this policy This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting prevents the user from managing a filter that warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing."If you enable this policy setting This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting This policy setting logs information that is blocked by new features in Internet Explorer. The logged compatibility information is displayed in the Windows Event Viewer.If you enable this policy setting This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting allows you to disable browser geolocation support. This will prevent websites from requesting location data about the user.If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects. If you enable this policy setting This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.If you enable this policy setting This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from performing actions which will delete browsing history. For more information on browsing history Group Policy settings This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting form data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents users from deleting passwords. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting cookies. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting the history of websites that he or she has visited. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting his or her download history. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting temporary Internet files. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting favorites site data. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting allows the automatic deletion of specified items when the last browser window closes. The preferences selected in the Delete Browsing History dialog box (such as deleting temporary Internet files This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.If you enable this policy setting This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to set the rate at which Internet Explorer creates new tab processes. There are two algorithms that Internet Explorer uses.The default algorithm has four settings: low This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.If you enable this policy setting This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to turn off tabbed browsing and related entry points from the Internet Explorer user interface. Starting with Windows 8 This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting This policy setting allows you to define the user experience related to how pop-up windows appear in tabbed browsing in Internet Explorer.If you enable this policy setting This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting This policy setting allows you to configure how windows open in Internet Explorer when the user clicks links from other applications.If you enable this policy setting Allows Administrators to enable and disable the ability for Outlook Express users to save or open attachments that can potentially contain a virus.If you check the block attachments setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting Prevents users from changing certificate settings in Internet Explorer. Certificates are used to verify the identity of software publishers.If you enable this policy This policy setting allows you to choose whether users will be notified if Internet Explorer is not the default web browser.If you enable this policy setting Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.If you enable this policy setting This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This AutoComplete feature suggests possible matches when users are entering Web addresses in the browser address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting Makes the Customize button in the Search Assistant appear dimmed.The Search Assistant is a tool that appears in the Search bar to help users search the Internet.If you enable this policy Applies security zone information to all users of the same computer. A security zone is a group of Web sites with the same security level.If you enable this policy Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.If you enable this policy Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on websites other than the website that installed the ActiveX control.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy controls whether or not the Cross-Site Scripting (XSS) Filter will detect and prevent cross-site script injections into websites in this zone.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Trusted Sites Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.If you enable this policy setting This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting controls whether sites which bypass the proxy server are mapped into the local Intranet security zone.If you enable this policy setting This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting causes a Notification bar notification to appear when intranet content is loaded and the intranet mapping rules have not been configured. The Notification bar allows the user to enable intranet mappings This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether a resource hosted on an admin-restricted protocol in the Intranet Zone can run active content such as script This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting controls whether websites can open new Internet Explorer windows that have no status bar or Address bar.If you enable this policy setting This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting allows the playing of video and animation through older media players in specified zones. Video and animation playback through the object tag may still be allowed This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls the first-run response that the user sees on a zone-by-zone basis. When the user encounters a new control that has not previously run in Internet Explorer This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting controls whether or not local path information is sent when the user is uploading a file via an HTML form. If the local path information is sent This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting controls whether or not the "Open File - Security Warning" message appears when the user tries to open executable files or other potentially unsafe files (from an intranet file share by using File Explorer This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage the loading of XPS files. These files contain a fixed-layout representation of paginated content and are portable across platforms This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting (tag) to redirect browsers to another Web page.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage dynamic binary and script behaviors: components that encapsulate specific functionality for HTML elements to which they were attached.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can display nonsecure items and manage whether users receive a security information message to display pages containing both secure and nonsecure items.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.If you enable this policy setting This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether file downloads are permitted from the zone. This option is determined by the zone of the page with the link causing the download This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether users can install Active Desktop items from this zone. The settings for this option are: If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.If you enable this policy setting This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in the same window.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to set options for dragging content from one domain to a different domain when the source and destination are in different windows.If you enable this policy setting and click Enable This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether users are prompted to select a certificate when no certificate or only one certificate exists.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether an ActiveX control marked safe for scripting can interact with a script.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars.If you enable this policy setting This policy setting prevents the user from specifying the color to which hyperlinks change when the mouse pointer pauses on them.If you enable this policy setting This policy setting prevents the user from specifying the color of webpage links that he or she has not yet clicked. Appropriate color choices can make links easier to see for some users This policy setting prevents the user from specifying the color of webpage links that he or she has already clicked. Appropriate color choices can make links easier to see for some users This policy setting prevents the shortcut menu from appearing when a user right-clicks a webpage while using Internet Explorer. Starting with Windows 8 This policy setting specifies that you want Internet Explorer to automatically resize large images so that they fit in the browser window.If you enable this policy setting This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether Internet Explorer plays media files that use alternative codecs and that require additional software.If you enable this policy setting This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting This policy setting specifies whether you want Internet Explorer to smooth images so that they appear less jagged when displayed.If you enable this policy setting This policy setting specifies whether Internet Explorer prints background colors and images when the user prints a webpage. Including background colors and images might reduce the speed at which a page is printed and the quality of the printing This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents users from having Internet Explorer automatically discover whether a feed or Web Slice is available for an associated webpage.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting prevents the user from using Internet Explorer as a feed reader. This policy setting has no impact on the Windows RSS Platform.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows users to have their feeds authenticated through the Basic authentication scheme over an unencrypted HTTP connection.If you enable this policy setting This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete This policy setting allows you to bypass prompting when a script that is running in any process on the computer attempts to perform a Clipboard operation (delete This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar This policy setting allows you to specify whether a user can browse to the website of a top result when search is enabled on the Address bar. The possible options are: Disable top result search: When a user performs a search in the Address bar This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to hide the reveal password button when Internet Explorer prompts users for a password. The reveal password button is displayed during password entry. When the user clicks the button This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.1 from 6 connections per host to a limit of your choice (from 2 through 128).If you enable this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to change the default connection limit for HTTP 1.0 from 6 connections per host to a limit of your choice (from 2 through 128).If you disable or do not configure this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to manage whether documents can request data across third-party domains embedded in the page.If you enable this policy setting This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows you to change the default limit of WebSocket connections per server. The default limit is 6; you can select a value from 2 through 128.If you enable this policy setting This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar This policy setting allows you to turn off the toolbar upgrade tool. The toolbar upgrade tool determines whether incompatible toolbars or Browser Helper Objects are installed when Internet Explorer starts. If the tool detects an incompatible toolbar Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy This policy setting prevents the user from changing the default URL for checking updates to Internet Explorer and Internet Tools.If you enable this policy setting This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to turn off the ActiveX Opt-In prompt. ActiveX Opt-In prevents websites from loading any ActiveX control without prior approval. If a website attempts to load an ActiveX control that Internet Explorer has not used before This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to turn off the InPrivate Browsing feature.InPrivate Browsing prevents Internet Explorer from storing data about a user's browsing session. This includes cookies This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to choose whether or not toolbars and Browser Helper Objects (BHOs) are loaded by default during an InPrivate Browsing session.Toolbars and BHOs may store data about a user's browsing session. By default This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to turn off the collection of data used by the InPrivate Filtering Automatic mode.The data consists of the URLs of third-party content This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting restricts the list of Accelerators that the user can access to only the set deployed through Group Policy.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting This policy setting controls the Compatibility View button that appears on the Command bar. This button allows the user to fix website display problems that he or she may encounter while browsing.If you enable this policy setting Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Quirks Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy controls the website compatibility lists that Microsoft provides. The updated website lists are available on Windows Update.If you enable this policy setting This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the number of days an inactive application cache will exist before it is removed. If the application cache is used before the expiration time limit This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum number of resource entries that can be specified in a manifest file associated with an application cache. If the manifest associated with an application cache exceeds the number of resources allowed This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting sets the maximum size for an individual resource file contained in a manifest file. The manifest file is used to create the application cache. If any file in the manifest exceeds the allowed size This policy setting configures Internet Explorer to automatically install new versions of Internet Explorer when they are available.If you enable this policy setting Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. If enabled then discovered targets may not be manually configured. If disabled then discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then only those sessions that are established via a persistent login will be established and no new persistent logins may be created. If disabled then additional persistent and non persistent logins may be established. If enabled then only those connections that are configured for IPSec may be established. If disabled then connections that are configured for IPSec or connections not configured for IPSec may be established. If enabled then only those sessions that are configured for mutual CHAP may be established. If disabled then sessions that are configured for mutual CHAP or sessions not configured for mutual CHAP may be established. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. This policy setting controls whether the domain controller provides information about previous logons to client computers.If you enable this policy setting This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon. If you enable this policy setting This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores the customized run list.You can create a customized list of additional programs and documents that the system starts automatically when it runs on Windows Vista This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting specifies additional programs or documents that Windows starts automatically when a user logs on to the system.If you enable this policy setting This policy setting hides the welcome screen that is displayed on Windows 2000 Professional each time the user logs on.If you enable this policy setting This policy setting directs the system to display highly detailed status messages.This policy setting is designed for advanced users who require this information.If you enable this policy setting This policy setting turns off the Windows Startup sound and prevents its customization in the Sound item of Control Panel.The Microsoft Windows Startup sound is heard during system startup and cold startup This policy setting ignores Windows Logon Background.This policy setting may be used to make Windows give preference to a custom logon background. If you enable this policy setting This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos This policy setting allows or prevents Windows Media Center to run.Windows Media Center is a digital media player and video recorder that allows users to organize and play music and videos This policy setting allows you to configure Automatic Maintenance activation boundary. The maintenance activation boundary is the daily schduled time at which Automatic Maintenance starts If you enable this policy setting This policy setting allows you to configure Automatic Maintenance wake up policy. The maintenance wakeup policy specifies if Automatic Maintenance should make a wake request to the OS for the daily scheduled maintenance. Note This policy setting configures Microsoft Support Diagnostic Tool (MSDT) interactive communication with the support provider. MSDT gathers diagnostic data for analysis by support professionals.If you enable this policy setting This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting This policy setting prevents users from searching for installation files when they add features or components to an installed program. If you enable this policy setting This policy setting controls Windows Installer's processing of the MsiLogging property. The MsiLogging property in an installation package can be used to enable automatic logging of all install operations for the package.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting prohibits Windows Installer from generating and saving the files it needs to reverse an interrupted or unsuccessful installation.If you enable this policy setting This policy setting permits users to change installation options that typically are available only to system administrators.If you enable this policy setting This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting This policy setting prevents Windows Installer from creating a System Restore checkpoint each time an application is installed. System Restore enables users This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 This policy setting allows Web-based programs to install software on the computer without notifying the user.If you disable or do not configure this policy setting This policy setting saves copies of transform files in a secure location on the local computer.Transform files consist of instructions to modify or customize a program during installation.If you enable this policy setting This policy setting allows the Network Access Protection (NAP) client to support the Windows XP version of the 802.1x Enforcement Client component.If you enable this policy setting Specifies the e-mail address to be used when sending the log files that are generated by NCA to the network administrator. When the user sends the log files to the Administrator Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Specifies whether the user has Connect and Disconnect options for the DirectAccess entry when the user clicks the Networking notification area icon.If the user clicks the Disconnect option Specifies whether NCA service runs in Passive Mode or not.Set this to Disabled to keep NCA probing actively all the time. If this setting is not configured Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default This policy setting enables you to specify the host name of a computer known to be on the corporate network. Successful resolution of this host name to the expected address indicates corporate connectivity. This policy setting enables you to specify the expected address of the host name used for the DNS probe. Successful resolution of the host name to this address indicates corporate connectivity. This policy setting enables you to specify the list of IPv6 corporate site prefixes to monitor for corporate connectivity. Reachability of addresses with any of these prefixes indicates corporate connectivity. This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting determines the maximum retry interval allowed when applications performing periodic searches for Domain Controllers (DCs) are unable to find a DC.For example This policy setting determines when retries are no longer allowed for applications that perform periodic searches for domain controllers (DC) are unable to find a DC. For example This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that periodically attempt to locate DCs This policy setting specifies the level of debug output for the Net Logon service.The Net Logon service outputs debug information to the log file netlogon.log in the directory %windir%\debug. By default This policy setting specifies the additional time for the computer to wait for the domain controllers (DC) response when logging on to the network.To specify the expected dial-up delay at logon This policy setting specifies the maximum size in bytes of the log file netlogon.log in the directory %windir%\debug when logging is enabled.By default This policy setting specifies the amount of time (in seconds) the DC locator remembers that a domain controller (DC) could not be found in a domain. When a subsequent attempt to locate the DC occurs within the time set in this setting This policy setting controls whether or not the Netlogon share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.If you enable this policy setting This policy setting determines when a successful DC cache entry is refreshed. This policy setting is applied to caller programs that do not periodically attempt to locate DCs This policy setting determines the interval at which Netlogon performs the following scavenging operations:- Checks if a password on a secure channel needs to be modified This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting This policy setting controls whether or not the SYSVOL share created by the Net Logon service on a domain controller (DC) should support compatibility in file sharing semantics with earlier applications.When this setting is enabled This policy setting specifies whether the computers to which this setting is applied attempt DNS name resolution of a single-label domain names.By default This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the value for the Time-To-Live (TTL) field in SRV resource records that are registered by the Net Logon service. These DNS records are dynamically registered This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting specifies the Weight field in the SRV resource records registered by the domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service This policy setting specifies the sites for which the domain controllers (DC) that host the application directory partition should register the site-specific This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting This policy setting enables DC Locator to attempt to locate a DC in the nearest site based on the site link cost if a DC in same the site is not found. In scenarios with multiple sites This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller This policy setting detremines the type of IP address that is returned for a domain controller. The DC Locator APIs return the IP address of the DC with the other parts of information. Before the support of IPv6 This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later This policy setting allows you to control the processing of incoming mailslot messages by a local domain controller (DC).Note: To locate a remote DC based on its NetBIOS (single-label) domain name Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed Determines whether users can delete remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default Prohibits use of Internet Connection Firewall on your DNS domain network.Determines whether users can enable the Internet Connection Firewall feature on a connection Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.To create an all-user remote access connection Determines whether users can connect and disconnect remote access connections.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether users can view and change the properties of their private remote access connections.Private connections are those that are available only to one user. To create a private connection Determines whether users can rename their private remote access connections.Private connections are those that are available only to one user. To create a private connection This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting disables the Connect to a Network Projector wizard so that users cannot connect to a network projector. If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting lists network files and folders that are always available for offline use. This ensures that the specified files and folders are available offline to users of the computer.If you enable this policy setting This policy setting determines whether the Offline Files feature is enabled. Offline Files saves a copy of network files on the user's computer for use when the computer is not connected to the network.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting This policy setting allows you to manage a list of files and folders for which you want to block the "Make Available Offline" command.If you enable this policy setting Configures the threshold value at which Offline Files considers a network connection to be "slow". Any network speed below this value is considered to be slow.When a connection is considered slow This policy setting allows you to turn on economical application of administratively assigned Offline Files.If you enable or do not configure this policy setting This policy setting controls whether files read from file shares over a slow network are transparently cached in the Offline Files cache for future reads. When a user tries to access a file that has been transparently cached This policy setting enables administrators to block certain file types from being created in the folders that have been made available offline.If you enable this policy setting This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting sets the seed server for the link local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting sets the seed server for the site local cloud to a specified node in the enterprise.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. The protocol This policy setting specifies the default percentage of total disk space that is allocated for the BranchCache disk cache on client computers.If you enable this policy setting This policy setting specifies whether BranchCache hosted cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting specifies whether BranchCache distributed cache mode is enabled on client computers to which this policy is applied. In addition to this policy This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting This policy setting specifies the action that Windows takes when battery capacity reaches the critical battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when battery capacity reaches the low battery notification level.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the critical battery notification action.If you enable this policy setting This policy setting specifies the percentage of battery capacity remaining that triggers the low battery notification action.If you enable this policy setting This policy setting turns off the user notification when the battery capacity remaining equals the low battery notification level.If you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the power button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user presses the sleep button.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the action that Windows takes when a user closes the lid on a mobile PC.Possible actions include:-Take no action-Sleep-Hibernate-Shut downIf you enable this policy setting This policy setting specifies the active power plan from a specified power plans GUID. The GUID for a custom power plan GUID can be retrieved by using powercfg This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.If you enable or do not configure this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting This policy setting allows you to manage how long a computer must be inactive before Windows turns off the computers display.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.If you enable this policy setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the brightness of the display when Windows automatically reduces brightness of the display.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting allows you to specify the period of inactivity before Windows transitions to sleep automatically when a user is not present at the computer.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on local disks. The previous versions could come from the on-disk restore points or from backup media.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a local file.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This policy setting lets you hide the list of previous versions of files that are on file shares. The previous versions come from the on-disk restore points on the file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This setting lets you suppress the Restore button in the previous versions property page when the user has selected a previous version of a file on a file share.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting This policy setting lets you hide entries in the list of previous versions of a file in which the previous version is located on backup media. Previous versions can come from the on-disk restore points or the backup media.If you enable this policy setting Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting Specifies the Active Directory location where searches for printers begin. The Add Printer Wizard gives users the option of searching Active Directory for a shared printer. If you enable this policy setting This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes) This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process Determines whether the pruning service on a domain controller prunes printer objects that are not automatically republished whenever the host computer does not respond Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt Directs the system to periodically verify that the printers published by this computer still appear in Active Directory. This setting also specifies how often the system repeats the verification. By default This setting prevents users from using the Programs Control Panel in Category View and Programs and Features in Classic View. The Programs Control Panel allows users to uninstall This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured Prevents users from viewing or installing published programs from the network. This setting prevents users from accessing the "Get Programs" page from the Programs Control Panel in Category View This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Determines the percentage of connection bandwidth that the system can reserve. This value limits the combined bandwidth reservations of all programs running on the system.By default Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets that do not conform to the flow specification. The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting This policy setting allows the Windows Management Instrumentation (WMI) providers Win32_ReliabilityStabilitymetrics and Win32_ReliabilityRecords to provide data to Reliability Monitor in the Action Center control panel Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting This policy setting controls whether or not unplanned shutdown events can be reported when error reporting is enabled.If you enable this policy setting This policy setting defines when the Shutdown Event Tracker System State Data feature is activated.The system state data file contains information about the basic system state as well as the state of all running processes.If you enable this policy setting This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.If you enable this policy setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes Configure access to all removable storage classes.This policy setting takes precedence over any individual removable storage policy settings. To manage individual classes This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting This policy setting determines how long the system waits for scripts applied by Group Policy to run. This setting limits the total time allowed for all logon This policy setting hides the instructions in logon scripts written for Windows NT 4.0 and earlier. Logon scripts are batch files of instructions that run when the user logs on. By default This policy setting displays the instructions in logoff scripts as they run.Logoff scripts are batch files of instructions that run when the user logs off. By default This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting directs the system to wait for logon scripts to finish running before it starts the File Explorer interface program and creates the desktop.If you enable this policy setting This policy setting displays the instructions in logon scripts as they run.Logon scripts are batch files of instructions that run when the user logs on. By default This policy setting displays the instructions in shutdown scripts as they run.Shutdown scripts are batch files of instructions that run when the user restarts the system or shuts it down. By default This policy setting lets the system run startup scripts simultaneously.Startup scripts are batch files that run before the user is invited to log on. By default This policy setting displays the instructions in startup scripts as they run.Startup scripts are batch files of instructions that run before the user is invited to log on. By default This policy setting determines whether scripted diagnostics will execute diagnostic packages that are signed by untrusted publishers.If you enable this policy setting This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example Enabling this policy allows you to specify a list of paths to index by default. The user may override these paths and exclude them from indexing. On a per-user basis Enabling this policy allows you to specify a list of paths to exclude from indexing by default. The user may override these paths and include them in indexing. On a per-user basis This Group Policy setting lets users turn off the performance optimization so that the TIFF IFilter will perform OCR for every page in a TIFF document This policy setting specifies whether Security Center is turned on or off for computers that are joined to an Active Directory domain. When Security Center is turned on This policy setting allows you to turn off the automatic display of the Initial Configuration Tasks window at logon on Windows Server 2008 and Windows Server 2008 R2. If you enable this policy setting Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting determines whether the user can publish DFS roots in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting determines whether the user can publish shared folders in Active Directory Domain Services (AD DS).If you enable or do not configure this policy setting This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting This policy setting lets you allow certificates without an Extended Key Usage (EKU) set to be used for logon.In versions of Windows prior to Windows Vista This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting This policy setting permits those certificates to be displayed for logon that are either expired or not yet valid.Under previous versions of Microsoft Windows This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example This policy setting lets you determine whether an optional field will be displayed during logon and elevation that allows a user to enter his or her user name or user name and domain This policy setting allows you to control whether a confirmation message is displayed when a smart card device driver is installed.If you enable or do not configure this policy setting This policy setting allows you to control whether elliptic curve cryptography (ECC) certificates on a smart card can be used to log on to a domain.If you enable this policy setting This policy setting allows an administrator to configure extensive logging for computers that are running Server for Network Information Service (NIS).If you enable this policy setting This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.SNMP is a protocol designed to give a user the capability to remotely manage a computer network This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment Hides pop-up text on the Start menu and in the notification area.When you hold the cursor over an item on the Start menu or in the notification area Prevents the operating system and installed programs from creating and displaying shortcuts to recently opened documents.If you enable this setting This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut.If you enable this policy setting This setting affects the taskbar buttons used to switch between running programs.Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full.If you enable this setting This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003.If you enable this policy setting This policy setting allows you to removes the "Log Off <username>" item from the Start menu and prevents users from restoring it.If you enable this policy setting If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result Allows you to disable System Restore configuration through System Protection.This policy setting allows you to turn off System Restore configuration through System Protection.System Restore enables users Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations.The Start Menu and Taskbar display Jump Lists off of programs. These menus include files This policy setting allows you to specify a router name or Internet Protocol version 4 (IPv4) address for an ISATAP router.If you enable this policy setting This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to specify the interval at which the relay name is resolved. The 6to4 relay name resolution interval setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to specify the name of the Teredo server. This server name will be used on the Teredo client computer where this policy setting is applied.If you enable this policy setting This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session This policy setting allows you to specify whether desktop composition is allowed for remote desktop sessions. This policy setting does not apply to RemoteApp sessions.Desktop composition provides the user interface elements of Windows Aero This policy setting allows you to specify whether to use the RD Connection Broker load balancing feature to balance the load between servers in an RD Session Host server farm. If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify whether the default client printer is the only printer redirected in Remote Desktop Services sessions.If you enable this policy setting This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state after closing all RemoteApp programs before the session is logged off from the RD Session Host server.By default This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth This policy setting specifies the IP address and network mask that corresponds to the network adapter used for virtual IP addresses. The IP address and network mask should be entered in Classless Inter-Domain Routing notation; for example This policy setting specifies whether a session uses the IP address of the Remote Desktop Session Host server if a virtual IP address is not available.If you enable this policy setting This policy setting specifies whether Windows Installer RDS Compatibility runs on a per user basis for fully installed applications. Windows Installer allows one instance of the msiexec process to run at a time. By default This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server.If you enable this policy setting This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency).You can choose to disable Connect Time Detect This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server.If you enable this policy setting Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services.You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers.If you enable this policy setting This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server.By default This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server.If you enable this policy setting This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server.By default This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.If you enable this policy setting Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting Sspecifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it.You can use this setting to direct Remote Desktop Services to end a session (that is This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions.You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected.If you enable this policy setting This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff.You can use this setting to maintain a user's session-specific temporary folders on a remote computer This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders.You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.If you enable or do not configure this policy setting This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.If you enable this policy setting This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server.If you enable this policy setting This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server.If you enable this policy setting This policy setting allows you to enable Remote Desktop Protocol (RDP) 8.0 on this computer. Please read the following KB article before enabling this Group Policy. http://go.microsoft.com/fwlink/?LinkID=251814If you enable this policy setting This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience.By default This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer.If you enable this policy setting This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.If you enable this policy setting This policy setting adds the Administrator security group to the roaming user profile share.Once an administrator has configured a user's roaming profile This policy setting determines whether Windows keeps a copy of a user's roaming profile on the local computer's hard drive when the user logs off. Roaming profiles reside on a network server. By default This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings This policy setting will automatically log off a user when Windows cannot load their profile. If Windows cannot access the user profile folder or the profile contains errors that prevent it from loading This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting This policy setting allows you to specify which network directories will be synchronized only at logon and logoff via Offline Files. This policy setting is meant to be used in conjunction with Folder Redirection This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize This policy setting specifies whether Windows should use the specified network path as the roaming user profile path for all users logging onto this computer.To use this policy setting This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting This policy setting allows you to configure whether or not enhanced startup PINs are used with BitLocker.Enhanced startup PINs permit the use of characters including uppercase and lowercase letters This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting This policy setting determines whether BitLocker protection is required for fixed data drives to be writable on a computer. This policy setting is applied when you turn on BitLocker.If you enable this policy setting This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting This policy setting allows you to manage whether backups of only system volumes is allowed or both OS and data volumes can be backed up.If you enable this policy setting This policy setting allows you to configure routinely taking action on detected items. It is recommended that you enable this policy. If you enable this setting This policy setting allows you to configure real-time protection. This setting controls all real-time protection components. It is recommended that you turn on real-time protection.If you enable or do not configure this setting This policy setting allows you to manage whether a check for new virus and spyware definitions will occur before running a scan. This setting applies to scheduled scans as well as the command line "mpcmdrun -SigUpdate" This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC.If you enable this policy setting This policy setting allows you to hide these specified drives in My Computer.This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also Removes the File menu from My Computer and File Explorer.This setting does not prevent users from using other methods to perform tasks available on the File menu. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. Folder Options allows users to change the way files and folders open Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer.The Manage item opens Computer Management (Compmgmt.msc) This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.If you enable this policy setting Prevents Windows Firewall from displaying notifications to the user when a program requests that Windows Firewall add the program to the program exceptions list.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting This policy setting allows you to prevent the anchor window from being displayed when Windows Media Player is in skin mode.If you enable this policy setting This policy setting allows you to prevent media information for CDs and DVDs from being retrieved from the Internet.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Digest authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Negotiate authentication.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses Kerberos authentication directly.If you enable this policy setting This policy setting allows you to manage whether the Windows Remote Management (WinRM) client uses CredSSP authentication.If you enable this policy setting This policy setting allows you to control whether non-administrative users will receive update notifications based on the "Configure Automatic Updates" policy setting. If you enable this policy setting Specifies whether Automatic Updates should automatically install certain updates that neither interrupt Windows services nor restart Windows.If the status is set to Enabled Specifies whether Automatic Updates will deliver both important as well as recommended updates from the Windows Update update service.When this policy is enabled This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.If you enable this policy setting This policy setting controls whether or not the system displays information about previous logons and logon failures to the user.For local user accounts and domain user accounts in domains of at least a Windows Server 2008 functional level This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off The policy controls the state of the Switchback compatibility engine in the system. Switchback is a mechanism that provides generic compatibility mitigations to older applications by providing older behavior to old applications and new behavior to new applications. Switchback is on by default.If you enable this policy setting This policy controls the state of the application compatibility engine in the system.The engine is part of the loader and looks through a compatibility database every time an application is started on the system. If a match for the application is found it provides either run-time solutions or compatibility fixes This policy setting controls the state of Steps Recorder.Steps Recorder keeps a record of steps taken by the user. The data generated by Steps Recorder can be used in feedback systems such as Windows Error Reporting to help developers understand and fix problems. The data includes user actions such as keyboard input and mouse input This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit If you enable this setting all Customer Experience Improvement Program uploads are redirected to Microsoft Operations Manager server.If you disable this setting uploads are not redirected to a Microsoft Operations Manager server.If you do not configure this setting uploads are not redirected to a Microsoft Operations Manager server. Disables the directory feature of NetMeeting.Users will not logon to a directory (ILS) server when NetMeeting starts. Users will also not be able to view or place calls via a NetMeeting directory.This policy is for deployers who have their own location or calling schemes such as a Web site or an address book." This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example Removes the Network Locations icon from the desktop.This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network.Note: In operating systems earlier than Microsoft Windows Vista This policy setting allows you to determine how drivers signed by a Microsoft Windows Publisher certificate are ranked with drivers signed by other valid Authenticode signatures during the driver selection and installation process. Regardless of this policy setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether Digital Locker can run.Digital Locker is a dedicated download manager associated with Windows Marketplace and a feature of Windows that can be used to manage and download products acquired and stored in the user's Windows Marketplace Digital Locker.If you enable this setting Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example This policy setting configures whether or not only USB root hub connected Enhanced Storage devices are allowed. Allowing only root hub connected Enhanced Storage devices minimizes the risk of an unauthorized USB device reading data on an Enhanced Storage device.If you enable this policy setting This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting prevents a user from selecting a supplemental custom locale as their user locale. The user is restricted to the set of locales that are installed with the operating system.This does not affect the selection of replacement locales. To prevent the selection of replacement locales This policy setting removes the option to change the user's menus and dialogs (UI) language from the Language and Regional Options control panel.This policy setting is used only to simplify the Regional Options control panel.If you enable this policy setting This policy setting allows Microsoft Windows to process user Group Policy settings asynchronously when logging on through Remote Desktop Services. Asynchronous user Group Policy processing is the default processing mode for Windows Vista and Windows XP.By default This policy setting defines a slow connection for purposes of applying and updating Group Policy.If the rate at which data is transferred from the domain controller providing a policy update to the computers in this group is slower than the rate specified by this setting This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured This setting allows you to enable or disable Resultant Set of Policy (RSoP) logging on a client computer.RSoP logs information on Group Policy settings that have been applied to the client. This information includes details such as which Group Policy Objects (GPO) were applied This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under Computer Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to permit or prohibit use of the Control Panel Settings item and all preference extensions listed in the Group Policy Management Editor window of the GPMC under User Configuration\Preferences\Control Panel Settings. When the Control Panel Settings item or a preference extension is prohibited This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting This policy setting specifies whether users can participate in the Help Experience Improvement program. The Help Experience Improvement program collects information about how customers use Windows Help so that Microsoft can improve it.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting specifies whether the "Order Prints Online" task is available from Picture Tasks in Windows folders.The Order Prints Online Wizard is used to download a list of providers and allow users to order prints online.If you enable this policy setting This policy setting turns off the Windows Customer Experience Improvement Program. The Windows Customer Experience Improvement Program collects information about your hardware configuration and how you use our software and services to identify trends and usage patterns. Microsoft will not collect your name This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.As part of determining the connectivity level This ActiveX control enables users to edit HTML text and see a faithful rendition of how the text would look in the browser. There are two versions of the control: a more powerful version that cannot be invoked by a web site because it includes file access and other features Designates the Microsoft Agent ActiveX control as administrator-approved.Microsoft Agent is a set of software services that supports the presentation of software agents as interactive personalities within the Microsoft Windows interface.If you enable this policy This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting prevents ActiveX controls from running in Protected Mode when Enhanced Protected Mode is enabled. When a user has an ActiveX control installed that is not compatible with Enhanced Protected Mode and a website attempts to load the control This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer checks for digital signatures (which identifies the publisher of signed software and verifies it hasn't been modified or tampered with) on user computers before downloading executable programs.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether users can download and install self-installing program files (non-Internet Explorer components) that are registered with Internet Explorer (such as Macromedia and Java) that are required in order to view web pages as intended.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display animated pictures found in Web content. Generally only animated GIF files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will play sounds found in web content. Generally only sound files such as MIDI files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer will display videos found in Web content. Generally only embedded video files are affected by this setting; active Web content such as java applets are not.If you enable this policy setting This policy setting allows you to turn on inline AutoComplete in Internet Explorer and File Explorer. The AutoComplete feature provides suggestions for what the user types by automatically completing the address or command with the closest match.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting This policy setting allows you to manage whether Internet Explorer converts Unicode domain names to internationalized domain name (IDN) format (Punycode) before sending them to Domain Name System (DNS) servers or to proxy servers.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer contains dynamic binary behaviors: components that encapsulate specific functionality for the HTML elements to which they are attached. This policy setting controls whether the Binary Behavior Security Restriction setting is prevented or allowed.If you enable this policy setting Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Internet Explorer uses Multipurpose Internet Mail Extensions (MIME) data to determine file handling procedures for files received through a Web server.This policy setting determines whether Internet Explorer requires that all file-type information provided by Web servers be consistent. For example Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting Internet Explorer may be configured to prevent active content obtained through restricted protocols from running in an unsafe manner. This policy setting controls whether restricting content obtained through restricted protocols is prevented or allowed.If you enable this policy setting This policy setting prevents the user from changing the level of pop-up filtering. The available levels are as follows: High: Block all pop-ups. Medium: Block most automatic pop-ups. Low: Allow pop-ups from secure sites.If you enable this policy setting This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This policy setting allows you to revert to the Internet Explorer 8 behavior of allowing OnUnLoad script handlers to display UI during shutdown. This policy setting may be needed to fix compatibility problems with particular web applications.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This setting specifies to automatically detect the proxy server settings used to connect to the Internet and customize Internet Explorer. This setting specifies that Internet explorer use the configuration settings provided in a file by the system administrator.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting This policy setting turns off URL Suggestions. URL Suggestions allow users to autocomplete URLs in the address bar based on common URLs. The list of common URLs is stored locally and is updated once a month. No user data is sent over the internet by this feature.If you enable this policy setting Specifies that programs using the Microsoft Software Distribution Channel will not notify users when they install new components. The Software Distribution Channel is a means of updating software dynamically on users' computers by using Open Software Distribution (.osd) technologies.If you enable this policy This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting allows you to turn on Protected Mode. Protected Mode helps protect Internet Explorer from exploited vulnerabilities by reducing the locations that Internet Explorer can write to in the registry and the file system.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage the loading of Extensible Application Markup Language (XAML) files. XAML is an XML-based declarative markup language commonly used for creating rich user interfaces and graphics that take advantage of the Windows Presentation Foundation.If you enable this policy setting and set the drop-down box to Enable This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether data on HTML forms on pages in the zone may be submitted. Forms sent with SSL (Secure Sockets Layer) encryption are always allowed; this setting only affects non-SSL form data submission.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.If you enable this policy setting This policy setting specifies whether placeholders appear for graphical images while the images are downloading. This allows items on the page to be positioned where they will appear when the images are completely downloaded. This option is ignored if the Show Pictures check box is cleared.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to turn on or turn off Data URI support. A Data URI allows web developers to encapsulate images and .css files within the body of the URL and optionally encode them by using base 64 encoding. Malware filters or other network-based filters may not properly filter encapsulated data.If you enable this policy setting This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 This policy setting allows you to choose whether websites can request data across domains by using the XDomainRequest object. Note that this policy setting does not block client-side communication across domains through other features in Internet Explorer 8 The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also The WebSocket object allows websites to request data across domains from your browser by using the WebSocket protocol. This policy setting allows administrators to enable or disable the WebSocket object. This policy setting does not prevent client-side communication across domains via other features in Internet Explorer 10. Also This policy setting allows Internet Explorer to be started automatically to complete the signup process after the branding is complete for Internet service providers (ISPs) through the Internet Explorer Administration Kit (IEAK).If you enable this policy setting Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for InPrivate Filtering Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to establish the threshold for Tracking Protection Automatic mode.The threshold sets the number of first-party sites that a particular third-party item can be referenced from before it is blocked. Setting this value lower can help prevent more third-party sites from obtaining details about a user's browsing. However This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting allows you to turn on Internet Explorer 7 Standards Mode. Compatibility View determines how Internet Explorer identifies itself to a web server and determines whether content is rendered in Internet Explorer 7 Standards Mode or the Standards Mode available in the latest version of Internet Explorer.If you enable this policy setting This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets data storage limits for indexed databases of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for indexed databases. If a domain exceeds the indexed database storage limit for an individual domain This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain This policy setting sets file storage limits for application caches of websites that have been allowed to exceed their storage limit. The Set default storage limits for websitespolicy setting sets the data storage limits for application caches. If a domain exceeds the application cache storage limit for an individual domain Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy If enabled then new iSNS servers may not be added and thus new targets discovered via those iSNS servers; existing iSNS servers may not be removed. If disabled then new iSNS servers may be added and thus new targets discovered via those iSNS servers; existing iSNS servers may be removed. If enabled then new target portals may not be added and thus new targets discovered on those portals; existing target portals may not be removed. If disabled then new target portals may be added and thus new targets discovered on those portals; existing target portals may be removed. If enabled then new targets may not be manually configured by entering the target name and target portal; already discovered targets may be manually configured. If disabled then new and already discovered targets may be manually configured. Note: if enabled there may be cases where this will break VDS. If enabled then only those sessions that are configured for one-way CHAP may be established. If disabled then sessions that are configured for one-way CHAP or sessions not configured for one-way CHAP may be established. Note that if the "Do not allow sessions without mutual CHAP" setting is enabled then that setting overrides this one. This policy setting allows you to configure this server so that Kerberos can decrypt a ticket that contains this system-generated SPN. When an application attempts to make a remote procedure call (RPC) to this server with a NULL value for the service principal name (SPN) This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting ignores customized run-once lists.You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.If you enable this policy setting This policy setting controls Windows Installer's interaction with the Restart Manager. The Restart Manager API can eliminate or reduce the number of system restarts that are required to complete an installation or update.If you enable this policy setting This policy setting controls the ability of non-administrators to install updates that have been digitally signed by the application vendor.Non-administrator updates provide a mechanism for the author of an application to create digitally signed updates that can be applied by non-privileged users.If you enable this policy setting This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Specifies whether an entry for DirectAccess connectivity appears when the user clicks the Networking notification area icon.Set this to Disabled to prevent user confusion when you are just using DirectAccess to remotely manage DirectAccess client computers from your intranet and not providing seamless intranet access. If this setting is not configured Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address Specifies the IPv6 addresses of the endpoints of the Internet Protocol security (IPsec) tunnels that enable DirectAccess. NCA attempts to access the resources that are specified in the Corporate Resources setting through these configured tunnel endpoints. By default This policy setting enables you to specify the HTTPS URL of the corporate website that clients use to determine the current domain location (i.e. whether the computer is inside or outside the corporate network). Reachability of the URL destination indicates that the client location is inside corporate network; otherwise it is outside the network. This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting specifies the Active Directory site to which computers belong.An Active Directory site is one or more well-connected TCP/IP subnets that allow administrators to configure Active Directory access and replication.To specify the site name for this setting This policy setting determines whether domain controllers (DC) will dynamically register DC Locator site-specific SRV records for the closest sites where no DC for the same domain exists (or no Global Catalog for the same forest exists). These DNS records are dynamically registered by the Net Logon service This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the sites for which the global catalogs (GC) should register site-specific GC locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the GC resides This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting specifies the sites for which the domain controllers (DC) register the site-specific DC Locator DNS SRV resource records. These records are registered in addition to the site-specific SRV records registered for the site where the DC resides This policy setting determines if dynamic registration of the domain controller (DC) locator DNS resource records is enabled. These DNS records are dynamically registered by the Net Logon service and are used by the Locator algorithm to locate the DC.If you enable this policy setting This policy setting determines the interval for when a Force Rediscovery is carried out by DC Locator.The Domain Controller Locator (DC Locator) service is used by clients to find domain controllers for their Active Directory domain. When DC Locator finds a domain controller This policy setting controls whether the Net Logon service will allow the use of older cryptography algorithms that are used in Windows NT 4.0. The cryptography algorithms used in Windows NT 4.0 and earlier are not as secure as newer algorithms used in Windows 2000 or later Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) Determines whether settings that existed in Windows 2000 Server family will apply to Administrators.The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly.When a remote client computer connects to an internal network using DirectAccess This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting enables or disables PNRP cloud creation.PNRP is a distributed name resolution protocol allowing Internet hosts to publish peer names with a corresponding Internet Protocol version 6 (IPv6) address. Other hosts can then resolve the name This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting Specifies how often the pruning service on a domain controller contacts computers to verify that their printers are operational. The pruning service periodically contacts computers that have published printers. If a computer does not respond to the contact message (optionally Specifies how many times the pruning service on a domain controller repeats its attempt to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact message Specifies whether or not to log events when the pruning service on a domain controller attempts to contact a computer before pruning the computer's printers. The pruning service periodically contacts computers that have published printers to verify that the printers are still available for use. If a computer does not respond to the contact attempt This setting prevents users from accessing "Installed Updates" page from the "View installed updates" task."Installed Updates" allows users to view and uninstall updates currently installed on the computer. The updates are often downloaded directly from Windows Update or from various program publishers.If this setting is disabled or not configured This policy setting allows an administrator to turn on the Windows to Network Information Service (NIS) password synchronization for UNIX-based user accounts that have been migrated to Active Directory Domain Services.If you enable this policy setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Best Effort service type (ServiceTypeBestEffort). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Guaranteed service type (ServiceTypeGuaranteed). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Qualitative service type (ServiceTypeQualitative). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting Determines the smallest unit of time that the Packet Scheduler uses when scheduling packets for transmission. The Packet Scheduler cannot schedule packets for transmission more frequently than permitted by the value of this entry.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Controlled Load service type (ServiceTypeControlledLoad). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Specifies an alternate link layer (Layer-2) priority value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding priority value in the Layer-2 header of the packets.If you enable this setting Requirements: Windows 7 Description: This policy setting controls whether users can access the options in Recovery (in Control Panel) to restore the computer to the original state or from a user-created system image. If you enable or do not configure this policy setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information. The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner. If you disable this policy setting This policy setting controls the idle connection timeout for RPC/HTTP connections. This policy setting is useful in cases where a network agent like an HTTP proxy or a router uses a lower idle connection timeout than the IIS server running the RPC/HTTP proxy. In such cases This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting This policy setting allows users to access and run the troubleshooting tools that are available in the Troubleshooting Control Panel and to run the troubleshooting wizard to troubleshoot problems on their computers.If you enable or do not configure this policy setting This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy prevents users from adding UNC locations to the index from the Search and Indexing Options in Control Panel. Any UNC locations that have already been added to the index by the user will not be removed.When this policy is disabled or not configured Enabling this policy allows indexing of items for online delegate mailboxes on a Microsoft Exchange server. This policy affects only delegate mailboxes that are online. Microsoft Outlook 2007 allows users to cache portions of delegate mailboxes locally (for example Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting specifies whether users can share files within their profile. By default users are allowed to share files within their profile to other users on their network after an administrator opts in the computer. An administrator can opt in the computer by using the sharing wizard to share a file within their profile.If you enable this policy setting This policy setting lets you determine whether the integrated unblock feature will be available in the logon User Interface (UI).In order to use the integrated unblock feature your smart card must support this feature. Please check with your hardware manufacturer to see if your smart card supports this feature.If you enable this policy setting This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting lets you allow signature key-based certificates to be enumerated and available for logon.If you enable this policy setting then any certificates available on the smart card with a signature only key will be listed on the logon screen.If you disable or do not configure this policy setting This policy setting allows you to manage the certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then certificate propagation will occur when you insert your smart card.If you disable this policy setting This policy setting allows you to manage the clean up behavior of root certificates. If you enable this policy setting then root certificate cleanup will occur according to the option selected. If you disable or do not configure this setting then root certificate clean up will occur on log off. This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting lets you reverse the subject name from how it is stored in the certificate when displaying it during logon. By default the user principal name (UPN) is displayed in addition to the common name to help users distinguish one certificate from another. For example This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Specifies whether Sound Recorder can run.Sound Recorder is a feature of Microsoft Windows Vista that can be used to record sound from an audio input device where the recorded sound is encoded and saved as an audio file.If you enable this policy setting Lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process.All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment This setting affects the notification area (previously called the "system tray") on the taskbar.Description: The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock.If this setting is enabled Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text This policy setting allows you to specify a 6to4 relay name for a 6to4 host. A 6to4 relay is used as a default gateway for IPv6 network traffic sent by the 6to4 host. The 6to4 relay name setting has no effect if 6to4 connectivity is not available on the host.If you enable this policy setting This policy setting allows you to configure Window Scaling Heuristics. Window Scaling Heuristics is an algorithm to identify connectivity and throughput problems caused by many Firewalls and other middle boxes that don't interpret Window Scaling option correctly.If you do not configure this policy setting This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. If you enable this policy setting This policy setting allows you to specify whether the desktop is always displayed after a client connects to a remote computer or whether an initial program can run. It can require that the desktop be displayed after a client connects to a remote computer This policy setting allows you to specify whether font smoothing is allowed for remote connections.Font smoothing provides ClearType functionality for a remote connection. ClearType is a technology for displaying computer fonts so that they appear clear and smooth This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered.If you enable this policy setting and set quality to Medium This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions.You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server.If you enable this policy setting Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently.If the status is set to Enabled This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs).You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions.You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.If the status is set to Enabled This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server.When deployed on an RD Virtualization Host server This policy setting disables the detection of slow network connections. Slow link detection measures the speed of the connection between a user's computer and the remote server that stores the roaming user profile. When the system detects a slow link This policy setting determines whether the system retains a roaming user's Windows Installer and Group Policy based software installation data on their profile deletion.By default Windows deletes all information related to a roaming user (which includes the user's settings This policy setting allows an administrator to automatically delete user profiles on system restart that have not been used within a specified number of days. Note: One day is interpreted as 24 hours after a specific user profile was accessed.If you enable this policy setting This policy setting controls how long Windows waits for a response from the network before logging on a user without a remote home directory and withou synchronizing roaming user profiles. This policy setting is useful for the cases in which a network might take typically longer to initialize This policy setting allows you to specify the default path that is displayed when the BitLocker Drive Encryption setup wizard prompts the user to enter the location of a folder in which to save the recovery password. This policy setting is applied when you turn on BitLocker.If you enable this policy setting This policy setting controls computer restart performance at the risk of exposing BitLocker secrets. This policy setting is applied when you turn on BitLocker. BitLocker secrets include key material used to encrypt data. This policy setting applies only when BitLocker protection is enabled.If you enable this policy setting This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute This policy setting controls whether a BitLocker-protected computer that is connected to a trusted wired Local Area Network (LAN) and joined to a domain can create and use Network Key Protectors on TPM-enabled computers to automatically unlock the operating system drive when the computer is started.If you enable this policy This policy setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.If you enable this policy setting This policy setting specifies whether the Windows NTP Client is enabled.Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.If you enable this policy setting This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system.Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references.File Explorer shows suggestion pop-ups as users type into the Search Box. These suggestions are based on their past entries into the Search Box.Note: If you enable this policy This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files.If you enable this policy setting This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer) Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Windows Firewall uses two program exceptions lists; the other is defined by the "Windows Firewall: Define inbound program exceptions" policy setting.If you enable this policy setting Allows administrators to use the Windows Firewall component in Control Panel to define a local port exceptions list. Windows Firewall uses two port exceptions lists; the other is defined by the "Windows Firewall: Define inbound port exceptions" policy setting.If you enable this policy setting This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.If you enable this policy setting This policy controls the visibility of the Program Compatibility property page shell extension. This shell extension is visible on the property context-menu of any program shortcut or executable file.The compatibility property page displays a list of options that can be selected and applied to the application to resolve the most common issues affecting legacy applications. Enabling this policy setting removes the property page from the context-menus The policy controls the state of the Application Telemetry engine in the system.Application Telemetry is a mechanism that tracks anonymous usage of specific Windows system components by applications.Turning Application Telemetry off by selecting "enable" will stop the collection of usage data.If the customer Experience Improvement program is turned off This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.If you enable this policy setting This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist This policy setting allows the administrator to exclude the specifiedcredential providers from use during authentication.Note: credential providers are used to process and validate usercredentials during logon or when authentication is required.Windows Vista provides two default credential providers:Password and Smart Card. An administrator can install additionalcredential providers for different sets of credentials(for example Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates Specifies the DNS suffixes to attach to an unqualified single-label name before submission of a DNS query for that name.An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com."Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example This policy setting allows you to set the default display name for new Group Policy objects.This setting allows you to specify the default name for new Group Policy objects created from policy compliant Group Policy Management tools including the Group Policy tab in Active Directory tools and the GPO browser.The display name can contain environment variables and can be a maximum of 255 characters long.If this setting is Disabled or Not Configured This policy setting allows you to exclude HTML Help Executable from being monitored by software-enforced Data Execution Prevention. Data Execution Prevention (DEP) is designed to block malicious code that takes advantage of exception-handling mechanisms in Windows by monitoring your programs to make sure that they use system memory safely. If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting specifies whether to allow printing over HTTP from this client.Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting determines whether Internet Explorer 11 uses 64-bit processes (for greater security) or 32-bit processes (for greater compatibility) when running in Enhanced Protected Mode on 64-bit versions of Windows.Important: Some ActiveX controls and toolbars may not be available when 64-bit processes are used.If you enable this policy setting This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting allows you to configure whether newly installed add-ons are automatically activated in the Internet Explorer 9 browser. Any add-ons that were activated in a previous version of Internet Explorer are considered to be the same as newly installed add-ons and are not activated when the user upgrades to Internet Explorer 9.In Internet Explorer 9 This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting prevents the user from deleting InPrivate Filtering data. Internet Explorer collects InPrivate Filtering data during browser sessions other than InPrivate Browsing sessions to determine which third-party items should be blocked when InPrivate Filtering is enabled. This feature is available in the Delete Browsing History dialog box.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting allows you to prevent Windows Search AutoComplete from providing results in the Internet Explorer Address bar.Windows Search AutoComplete suggests possible matches when a user is entering a web address in the browser Address bar. This feature provides more relevant results in the browser Address bar.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting This policy setting prevents the user's computer from starting Microsoft .NET Framework Setup when the user is browsing to .NET Framework content in Internet Explorer. The .NET Framework is the next-generation platform for Windows. It uses the common language runtime and incorporates support from multiple developer tools. It includes the new managed code APIs for Windows.If you enable this policy setting Prevents users from determining which buttons appear on the Microsoft Internet Explorer and File Explorer standard toolbars. The buttons appearing on the toolbar can be customized by the "Customize" option. This is present under the Toolbars submenu of the View menu in Internet Explorer 6 and under the Toolbars submenu of the Tools menu in the Command bar in subsequent versions of Internet Explorer.If you enable this policy This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off InPrivate Filtering.InPrivate Filtering helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. InPrivate Filtering does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting This policy setting allows you to turn off Tracking Protection.Tracking Protection helps users control whether third parties can automatically collect information about their browsing based on the sites that they visit. Tracking Protection does this by identifying third-party content that is used by multiple websites that users have visited.If you enable this policy setting Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy Turns off the handwriting recognition error reporting tool.The handwriting recognition error reporting tool enables users to report errors encountered in Tablet PC Input Panel. The tool generates error reports and transmits them to Microsoft over a secure connection. Microsoft uses these error reports to improve handwriting recognition in future versions of Windows.If you enable this policy This policy setting controls the ability for users or administrators to remove Windows Installer based updates.This policy setting should be used if you need to maintain a tight control over updates. One example is a lockdown environment where you want to ensure that updates once installed cannot be removed by users or administrators.If you enable this policy setting This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 Specifies resources on your intranet that are normally accessible to DirectAccess clients. Each entry is a string that identifies the type of resource and the location of the resource. Each string can be one of the following types: - A DNS name or IPv6 address that NCA pings. The syntax is PING:followed by a fully qualified domain name (FQDN) that resolves to an IPv6 address This policy setting defines whether a domain controller (DC) should attempt to verify the password provided by a client with the PDC emulator if the DC failed to validate the password.Contacting the PDC emulator is useful in case the clients password was recently changed and did not propagate to the DC yet. Users may want to disable this feature if the PDC emulator is located over a slow WAN connection.If you enable this policy setting This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records Determines whether a user can install and configure the Network Bridge.Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed Determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled.The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features.If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting) This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the global cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the link local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This setting disables PNRP protocol from advertising the computer or from searching other computers on the local subnet in the site local cloud.The Peer Name Resolution Protocol (PNRP) allows for distributed resolution of a name to an IPV6 address and port number. One of the ways in which PNRP bootstraps itself is by using multicast on the same subnet. That is This policy setting is used only when you have deployed one or more BranchCache-enabled file servers at your main office. This policy setting specifies when client computers in branch offices start caching content from file servers based on the network latency - or delay - that occurs when the clients download content from the main office over a Wide Area Network (WAN) link. When you configure a value for this setting This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting Enables the physical Location Tracking setting for Windows printers.Use Location Tracking to design a location scheme for your enterprise and assign computers and printers to locations in the scheme. Location Tracking overrides the standard method used to locate and associate computers and printers. The standard method uses a printer's IP address and subnet mask to estimate its physical location and proximity to computers.If you enable this setting Specifies an alternate Layer-3 Differentiated Services Code Point (DSCP) value for packets with the Network Control service type (ServiceTypeNetworkControl). The Packet Scheduler inserts the corresponding DSCP value in the IP header of the packets.This setting applies only to packets that do not conform to the flow specification.If you enable this setting This policy setting enables Remote Assistance invitations to be generated with improved encryption so that only computers running this version (or later versions) of the operating system can connect. This policy setting does not affect Remote Assistance connections that are initiated by instant messaging contacts or the unsolicited Offer Remote Assistance.If you enable this policy setting This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text Prevents the Touch Keyboard and Handwriting panel (a.k.a. Tablet PC Input Panel in Windows 7 and Windows Vista) from providing text prediction suggestions. This policy applies for both the on-screen keyboard and the handwriting tab when the feature is available for the current input area and input language.Touch Keyboard and Handwriting panel enables you to use handwriting or an on-screen keyboard to enter text This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems.A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.Note: The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.This policy setting is designed for computers that register address (A) resource records in DNS zones that do not use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and does not allow a DNS client to overwrite records that are registered by other computers.During dynamic update of resource records in a zone that does not use Secure Dynamic Updates This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy setting prevents Internet Explorer from displaying a notification when the average time to load all the user's enabled add-ons exceeds the threshold. The notification informs the user that add-ons are slowing his or her browsing and displays a button that opens the Disable Add-ons dialog box. The Disable Add-ons dialog box displays the load time for each group of add-ons enabled in the browser. It allows the user to disable add-ons and configure the threshold.If you enable this policy setting This policy controls the percentage of disk space available to the Windows Installer baseline file cache. The Windows Installer uses the baseline file cache to save baseline files modified by binary delta difference updates. The cache is used to retrieve the baseline file for future updates. The cache eliminates user prompts for source media when new updates are applied. If you enable this policy setting you can modify the maximum size of the Windows Installer baseline file cache. If you set the baseline cache size to 0 This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting specifies the Refresh Interval of the DC Locator DNS resource records for DCs to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used by the DC Locator algorithm to locate the DC. This setting may be applied only to DCs using dynamic update.DCs configured to perform dynamic registration of the DC Locator DNS resource records periodically reregister their records with DNS servers This policy setting specifies the Priority field in the SRV resource records registered by domain controllers (DC) to which this setting is applied. These DNS records are dynamically registered by the Net Logon service and are used to locate the DC.The Priority field in the SRV record sets the preference for target hosts (specified in the SRV records Target field). DNS clients that query for SRV resource records attempt to contact the first reachable host with the lowest priority number listed.To specify the Priority in the DC Locator DNS SRV resource records This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.This policy setting impacts all RPC applications. In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself. Reverting a change to this policy setting can require manual intervention on each affected machine. This policy setting should never be applied to a domain controller.If you disable this policy setting Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy Turns off data sharing from the handwriting recognition personalization tool.The handwriting recognition personalization tool tool enables Tablet PC users to adapt handwriting recognition to their own writing style by providing writing samples. The tool can optionally share user writing samples with Microsoft to improve handwriting recognition in future versions of Windows. The tool generates reports and transmits them to Microsoft over a secure connection.If you enable this policy This policy setting allows you to manage the reading of all certificates from the smart card for logon.During logon Windows will by default only read the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This setting forces Windows to read all the certificates from the card. This can introduce a significant performance decrease in certain situations. Please contact your smart card vendor to determine if your smart card and associated CSP supports the required behavior.If you enable this setting This policy setting allows you to manage the root certificate propagation that occurs when a smart card is inserted.If you enable or do not configure this policy setting then root certificate propagation will occur when you insert your smart card. Note: For this policy setting to work the following policy setting must also be enabled: Turn on certificate propagation from smart card.If you disable this policy setting then root certificates will not be propagated from the smart card. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server.You can use this policy setting to select one of two licensing modes: Per User or Per Device.Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.If you enable this policy setting This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute This policy setting determines the amount of time (in seconds) to wait before the first retry for applications that perform periodic searches for domain controllers (DC) that are unable to find a DC.The default value for this setting is 10 minutes (10*60). The maximum value for this setting is 49 days (0x49*24*60*60=4233600). The minimum value for this setting is 0.This setting is relevant only to those callers of DsGetDcName that have specified the DS_BACKGROUND_ONLY flag.If the value of this setting is less than the value specified in the NegativeCachePeriod subkey This policy setting allows you to configure whether power is automatically turned off when Windows shutdown completes. This setting does not affect Windows shutdown behavior when shutdown is manually selected using the Start menu or Task Manager user interfaces. Applications such as UPS software may rely on Windows shutdown behavior.This setting is only applicable when Windows shutdown is initiated by software programs invoking the Windows programming interfaces ExitWindowsEx() or InitiateSystemShutdown().If you enable this policy setting This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.If you enable this policy setting This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default This policy setting allows you to associate an object identifier from a smart card certificate to a BitLocker-protected drive. This policy setting is applied when you turn on BitLocker.The object identifier is specified in the enhanced key usage (EKU) of a certificate. BitLocker can identify which certificates may be used to authenticate a user certificate to a BitLocker-protected drive by matching the object identifier in the certificate with the object identifier that is defined by this policy setting.Default object identifier is 1.3.6.1.4.1.311.67.1.1Note: BitLocker does not require that a certificate have an EKU attribute Status Policy Path Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Password Policy Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy Computer Configuration\Windows Settings\Account Policies\Account Lockout Policy Computer Configuration\Windows Settings\Local Policies\Kerberos Policy Computer Configuration\Windows Settings\Local Policies\Kerberos Policy Computer Configuration\Windows Settings\Local Policies\Kerberos Policy Computer Configuration\Windows Settings\Local Policies\Kerberos Policy Computer Configuration\Windows Settings\Local Policies\Kerberos Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\Audit Policy Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\User Rights Assignment Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Local Policies\Security Options Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Event Log Computer Configuration\Windows Settings\Security Settings\Restricted Groups Computer Configuration\Windows Settings\Security Settings\System Services Computer Configuration\Windows Settings\Security Settings\Registry Computer Configuration\Windows Settings\Security Settings\File System Policy Name Supported On Enforce password history At least Windows XP SP2, Windows Server 2003 Maximum password age At least Windows XP SP2, Windows Server 2003 Minimum password age At least Windows XP SP2, Windows Server 2003 Minimum password length At least Windows XP SP2, Windows Server 2003 Password must meet complexity requirement At least Windows XP SP2, Windows Server 2003 Store passwords using reversible encryption for all users in the domain At least Windows XP SP2, Windows Server 2003 Account lockout duration At least Windows XP SP2, Windows Server 2003 Account lockout threshold At least Windows XP SP2, Windows Server 2003 Reset lockout counter after At least Windows XP SP2, Windows Server 2003 Enforce user logon restrictions At least Windows XP SP2, Windows Server 2003 Maximum lifetime for service ticket At least Windows XP SP2, Windows Server 2003 Maximum lifetime for user ticket At least Windows XP SP2, Windows Server 2003 Maximum lifetime for user ticket renewal At least Windows XP SP2, Windows Server 2003 Maximum tolerance for computer clock synchronization At least Windows XP SP2, Windows Server 2003 Audit account logon events At least Windows XP SP2, Windows Server 2003 Audit account management At least Windows XP SP2, Windows Server 2003 Audit directory service access At least Windows XP SP2, Windows Server 2003 Audit logon events At least Windows XP SP2, Windows Server 2003 Audit object access At least Windows XP SP2, Windows Server 2003 Audit policy change At least Windows XP SP2, Windows Server 2003 Audit privilege use At least Windows XP SP2, Windows Server 2003 Audit process tracking At least Windows XP SP2, Windows Server 2003 Audit system events At least Windows XP SP2, Windows Server 2003 Access this computer from the network At least Windows XP SP2, Windows Server 2003 Access Credential Manager as a trusted caller At least Windows Vista, Windows Server 2008 Act as part of the operating system At least Windows XP SP2, Windows Server 2003 Add workstations to a domain At least Windows XP SP2, Windows Server 2003 Adjust memory quotas for a process At least Windows XP SP2, Windows Server 2003 Allow log on locally At least Windows XP SP2, Windows Server 2003 Allow log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003 Backup files and directories At least Windows XP SP2, Windows Server 2003 Bypass traverse checking At least Windows XP SP2, Windows Server 2003 Change the system time At least Windows XP SP2, Windows Server 2003 Change the time zone At least Windows Vista, Windows Server 2008 Create a pagefile At least Windows XP SP2, Windows Server 2003 Create a token object At least Windows XP SP2, Windows Server 2003 Create global objects At least Windows XP SP2, Windows Server 2003 Create permanent shared objects At least Windows XP SP2, Windows Server 2003 Create Symbolic Links At least Windows Vista, Windows Server 2008 Debug programs At least Windows XP SP2, Windows Server 2003 Deny access to this computer from the network At least Windows XP SP2, Windows Server 2003 Deny log on as a batch job At least Windows XP SP2, Windows Server 2003 Deny log on as a service At least Windows XP SP2, Windows Server 2003 Deny log on locally At least Windows XP SP2, Windows Server 2003 Deny log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003 Enable computer and user accounts to be trusted for delegation At least Windows XP SP2, Windows Server 2003 Force shutdown from a remote system At least Windows XP SP2, Windows Server 2003 Generate security audits At least Windows XP SP2, Windows Server 2003 Impersonate a client after authentication At least Windows XP SP2, Windows Server 2003 Increase a process working set At least Windows Vista, Windows Server 2008 Increase scheduling priority At least Windows XP SP2, Windows Server 2003 Load and unload device drivers At least Windows XP SP2, Windows Server 2003 Lock pages in memory At least Windows XP SP2, Windows Server 2003 Log on as a batch job At least Windows XP SP2, Windows Server 2003 Log on as a service At least Windows XP SP2, Windows Server 2003 Log on locally Only Windows XP SP2 Manage auditing and security log At least Windows XP SP2, Windows Server 2003 Modify an object label At least Windows Vista, Windows Server 2008 Modify firmware environment values At least Windows XP SP2, Windows Server 2003 Perform volume maintenance tasks At least Windows XP SP2, Windows Server 2003 Profile single process At least Windows XP SP2, Windows Server 2003 Profile system performance At least Windows XP SP2, Windows Server 2003 Remove computer from docking station At least Windows XP SP2, Windows Server 2003 Replace a process level token At least Windows XP SP2, Windows Server 2003 Restore files and directories At least Windows XP SP2, Windows Server 2003 Shut down the system At least Windows XP SP2, Windows Server 2003 Synchronize directory service data At least Windows XP SP2, Windows Server 2003 Take ownership of files or other objects At least Windows XP SP2, Windows Server 2003 Accounts: Administrator account status Windows XP SP2, Windows Server 2003 Accounts: Block Microsoft accounts Windows 8, Windows Server 2012 Accounts: Guest account status At least Windows XP SP2, Windows Server 2003 Accounts: Limit local account use of blank passwords to console logon only At least Windows XP SP2, Windows Server 2003 Accounts: Rename administrator account At least Windows XP SP2, Windows Server 2003 Accounts: Rename guest account At least Windows XP SP2, Windows Server 2003 Audit: Audit the accesss of global system objects At least Windows XP SP2, Windows Server 2003 Audit: Audit the use of Backup and Restore privilege At least Windows XP SP2, Windows Server 2003 Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings At least Windows Vista, Windows Server 2008 Audit: Shut down system immediately if unable to log security audits At least Windows XP SP2, Windows Server 2003 DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003 DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax At least Windows XP SP2, Windows Server 2003 Devices: Allow undock without having to log on At least Windows XP SP2, Windows Server 2003 Devices: Allowed to format and eject removable media At least Windows XP SP2, Windows Server 2003 Devices: Prevent users from installing printer drivers At least Windows XP SP2, Windows Server 2003 Devices: Restrict CD-ROM access to locally logged-on user only At least Windows XP SP2, Windows Server 2003 Devices: Restrict floppy access to locally logged-on user only At least Windows XP SP2, Windows Server 2003 Devices: Unsigned driver installation behavior Only Windows XP SP2, Windows Server 2003 Domain controller: Allow server operators to schedule tasks At least Windows XP SP2, Windows Server 2003 Domain controller: LDAP server signing requirements At least Windows XP SP2, Windows Server 2003 Domain controller: Refuse machine account password changes At least Windows XP SP2, Windows Server 2003 Domain member: Digitally encrypt or sign secure channel data (always) At least Windows XP SP2, Windows Server 2003 Domain member: Digitally encrypt secure channel data (when possible) At least Windows XP SP2, Windows Server 2003 Domain member: Digitally sign secure channel data (when possible) At least Windows XP SP2, Windows Server 2003 Domain member: Disable machine account password changes At least Windows XP SP2, Windows Server 2003 Domain member: Maximum machine account password age At least Windows XP SP2, Windows Server 2003 Domain member: Require strong (Windows 2000 or later) session key At least Windows XP SP2, Windows Server 2003 Interactive logon: Do not display last user name At least Windows XP SP2, Windows Server 2003 Interactive Logon: Display user information when session is locked At least Windows Vista, Windows Server 2008 Interactive logon: Do not require CTRL+ALT+DEL At least Windows XP SP2, Windows Server 2003 Interactive logon: Machine account lockout threshold Windows 8, Windows Server 2012 Interactive logon: Machine inactivity limit Windows 8, Windows Server 2012 Interactive logon: Message text for users attempting to logon At least Windows XP SP2, Windows Server 2003 Interactive logon: Message title for users attempting to logon At least Windows XP SP2, Windows Server 2003 Interactive logon: Number of previous logons to cache (in case domain controller is not available) At least Windows XP SP2, Windows Server 2003 Interactive logon: Prompt user to change password before expiration At least Windows XP SP2, Windows Server 2003 Interactive logon: Require Domain Controller authentication to unlock workstationAt least Windows XP SP2, Windows Server 2003 Interactive logon: Require smart card At least Windows XP SP2, Windows Server 2003 Interactive logon: Smart card removal behavior At least Windows XP SP2, Windows Server 2003 Microsoft network client: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003 Microsoft network client: Digitally sign communications (if server agrees) At least Windows XP SP2, Windows Server 2003 Microsoft network client: Send unencrypted password to third-party SMB serversAt least Windows XP SP2, Windows Server 2003 Microsoft network server: Amount of idle time required before suspending session At least Windows XP SP2, Windows Server 2003 Microsoft network server: Attempt S4U2Self to obtain claim information Windows 8, Windows Server 2012 Microsoft network server: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003 Microsoft network server: Digitally sign communications (if client agrees) At least Windows XP SP2, Windows Server 2003 Microsoft network server: Disconnect clients when logon hours expire At least Windows XP SP2, Windows Server 2003 Microsoft network server: Server SPN target name validation level At least Windows 7, Windows Server 2008 R2 Network access: Allow anonymous SID/Name translation At least Windows XP SP2, Windows Server 2003 Network access: Do not allow anonymous enumeration of SAM accounts At least Windows XP SP2, Windows Server 2003 Network access: Do not allow anonymous enumeration of SAM accounts and shares At least Windows XP SP2, Windows Server 2003 Network access: Do not allow storage of passwords and credentials for network authentication At least Windows XP SP2, Windows Server 2003 Network access: Let Everyone permissions apply to anonymous users At least Windows XP SP2, Windows Server 2003 Network access: Named Pipes that can be accessed anonymously At least Windows XP SP2, Windows Server 2003 Network access: Remotely accessible registry paths At least Windows XP SP2, Windows Server 2003 Network access: Remotely accessible registry paths and sub-paths At least Windows XP SP2, Windows Server 2003 Network access: Restrict anonymous access to Named Pipes and Shares At least Windows XP SP2, Windows Server 2003 Network access: Shares that can be accessed anonymously At least Windows XP SP2, Windows Server 2003 Network access: Sharing and security model for local accounts At least Windows XP SP2, Windows Server 2003 Network security: Do not store LAN Manager hash value on next password change At least Windows XP SP2, Windows Server 2003 Network security: Force logoff when logon hours expire At least Windows XP SP2, Windows Server 2003 Network security: LAN Manager authentication level At least Windows XP SP2, Windows Server 2003 Network security: LDAP client signing requirements At least Windows XP SP2, Windows Server 2003 Network security: Minimum session security for NTLM SSP based (including secure RPC) clients At least Windows XP SP2, Windows Server 2003 Network security: Minimum session security for NTLM SSP based (including secure RPC) servers At least Windows XP SP2, Windows Server 2003 Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: Incoming NTLM traffic At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: Audit Incoming NTLM Traffic At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: Audit NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication At least Windows 7, Windows Server 2008 R2 Network security: Restrict NTLM: Add server exceptions in this domain At least Windows 7, Windows Server 2008 R2 Network security: Allow LocalSystem NULL session fallback At least Windows 7, Windows Server 2008 R2 Network security: Allow Local System to use computer identity for NTLM At least Windows 7, Windows Server 2008 R2 Network security: Allow PKU2U authentication requests to this computer to use online identities. At least Windows 7, Windows Server 2008 R2 Network security: Configure encryption types allowed for Kerberos At least Windows 7, Windows Server 2008 R2 Recovery console: Allow automatic administrative logon At least Windows XP SP2, Windows Server 2003 Recovery console: Allow floppy copy and access to all drives and all folders At least Windows XP SP2, Windows Server 2003 Shutdown: Allow system to be shut down without having to log on At least Windows XP SP2, Windows Server 2003 Shutdown: Clear virtual memory pagefile At least Windows XP SP2, Windows Server 2003 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing At least Windows XP SP2, Windows Server 2003 System cryptography: Force strong key protection for user keys stored on the computer At least Windows XP SP2, Windows Server 2003 System objects: Default owner for objects created by members of the Administrators group At least Windows XP SP2, Windows Server 2003 System objects: Require case insensitivity for non-Windows subsystems At least Windows XP SP2, Windows Server 2003 System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) Windows XP SP2, Windows Server 2003 System settings: Optional subsystems At least Windows Vista, Windows Server 2003 System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies At least Windows Vista, Windows Server 2003 User Account Control: Admin Approval Mode for the Built-in Administrator account At least Windows Vista, Windows Server 2008 User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008 User Account Control: Behavior of the elevation prompt for standard users At least Windows Vista, Windows Server 2008 User Account Control: Detect application installations and prompt for elevation At least Windows Vista, Windows Server 2008 User Account Control: Only elevate executables that are signed and validated At least Windows Vista, Windows Server 2008 User Account Control: Only elevate UIAccess applications that are installed in secure locations At least Windows Vista, Windows Server 2008 User Account Control: Run all administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008 User Account Control: Switch to the secure desktop when prompting for elevation At least Windows Vista, Windows Server 2008 User Account Control: Virtualize file and registry write failures to per-user locations At least Windows Vista, Windows Server 2008 User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. At least Windows Vista, Windows Server 2008 Maximum application log size Only Windows XP SP2, Windows Server 2003 Maximum security log size Only Windows XP SP2, Windows Server 2003 Maximum system log size Only Windows XP SP2, Windows Server 2003 Prevent local guests group from accessing application log Only Windows XP SP2, Windows Server 2003 Prevent local guests group from accessing security log Only Windows XP SP2, Windows Server 2003 Prevent local guests group from accessing system log Only Windows XP SP2, Windows Server 2003 Retain application log Only Windows XP SP2, Windows Server 2003 Retain security log Only Windows XP SP2, Windows Server 2003 Retain system log Only Windows XP SP2, Windows Server 2003 Retention method for application log Only Windows XP SP2, Windows Server 2003 Retention method for security log Only Windows XP SP2, Windows Server 2003 Retention method for system log Only Windows XP SP2, Windows Server 2003 Restricted Groups Only Windows XP SP2, Windows Server 2003 System Services Only Windows XP SP2, Windows Server 2003 Registry Only Windows XP SP2, Windows Server 2003 File System Only Windows XP SP2, Windows Server 2003 Registry Settings Password Policy security settings are not registry keys. Password Policy security settings are not registry keys. Password Policy security settings are not registry keys. Password Policy security settings are not registry keys. Password Policy security settings are not registry keys. Password Policy security settings are not registry keys. Account Lockout Policy security settings are not registry keys. Account Lockout Policy security settings are not registry keys. Account Lockout Policy security settings are not registry keys. Kerberos Policy security settings are not registry keys. Kerberos Policy security settings are not registry keys. Kerberos Policy security settings are not registry keys. Kerberos Policy security settings are not registry keys. Kerberos Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. Audit Policy security settings are not registry keys. User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys User Rights security settings are not registry keys Not a registry key Not a registry key Not a registry key MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswo rdUse Not a registry key Not a registry key MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditi ng MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLega cyAuditPolicy MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail MACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineAccessRestriction MACHINE\SOFTWARE\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\UndockWithoutLogon MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMa n Print Services\Servers\AddPrinterDrivers MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies MACHINE\Software\Microsoft\Driver Signing\Policy MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\L DAPServerIntegrity MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \RefusePasswordChange MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \RequireSignOrSeal MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \SealSecureChannel MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \SignSecureChannel MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \DisablePasswordChange MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \MaximumPasswordAge MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters \RequireStrongKey MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m, value=DontDisplayLockedUserId MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\DisableCAD Not a registry key Not a registry key MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\LegalNoticeText MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\LegalNoticeCaption MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\ScForceOption MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\ Parameters\RequireSecuritySignature MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\ Parameters\EnableSecuritySignature MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\ Parameters\EnablePlainTextPassword MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\AutoDisconnect Not a registry key MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\RequireSecuritySignature MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\EnableSecuritySignature MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\EnableForcedLogOff MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\SmbServerNameHardeningLevel Not a registry key MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou sSAM MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou s MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCre ds MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludes Anonymous MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\NullSessionPipes MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi nreg\AllowedPaths\Machine MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi nreg\AllowedPaths\Machine MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\NullSessionShares MACHINE\System\CurrentControlSet\Services\LanManServer\Para meters\NullSessionShares MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash Not a registry key MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTraffic MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTraffic MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTraffic MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomain MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServers MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServers MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownulls essionfallback MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnline ID MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\Kerberos\Parameters\SupportedEncryptionTypes MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst em\ShutdownWithoutLogon MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPoli cy MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtec tion MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminO wner MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifier s\AuthenticodeEnabled SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Filt erAdministratorToken SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co nsentPromptBehaviorAdmin SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co nsentPromptBehaviorUser SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En ableInstallerDetection SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Val idateAdminCodeSignatures SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En ableSecureUIAPaths SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En ableLUA SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Pro mptOnSecureDesktop SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En ableVirtualization SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En ableUIADesktopToggle Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Event Log security settings are not registry keys. Restricted Groups policy settings are not registry keys. System Services policy settings are not registry keys. not a registry key File System policy settings are not registry keys. Help Text Enforce password history Maximum password age Minimum password age Minimum password length Password must meet complexity requirements Store passwords using reversible encryption Account lockout duration Account lockout threshold Reset account lockout counter after Enforce user logon restrictions Maximum lifetime for service ticket Maximum lifetime for user ticket Maximum lifetime for user ticket renewal Maximum tolerance for computer clock synchronization Audit account logon events Audit account management Audit directory service access Audit logon events Audit object access Audit policy change Audit privilege use Audit process tracking Audit system events Access this computer from the network This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities. Act as part of the operating system Add workstations to domain Adjust memory quotas for a process Allow log on locally Allow log on through Remote Desktop Services Back up files and directories Bypass traverse checking Change the system time Change the Time Zone Create a pagefile Create a token object Create global objects Create permanent shared objects Create Symbolic Links Debug programs Deny access to this computer from the network Deny log on as a batch job Deny log on as a service Deny log on locally Deny log on through Remote Desktop Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits Impersonate a client after authentication Increase a process working set Increase scheduling priority Load and unload device drivers Lock pages in memory Log on as a batch job Log on as a service Log on locally Manage auditing and security log Modify an object label Modify firmware environment values Perform volume maintenance tasks Profile single process Profile system performance Remove computer from docking station Replace a process level token Restore files and directories Shut down the system Synchronize directory service data Take ownership of files or other objects Accounts: Administrator account status Accounts: Block Microsoft accounts Accounts: Guest account status Accounts: Limit local account use of blank passwords to console logon only Accounts: Rename administrator account Accounts: Rename guest account Audit: Audit the access of global system objects Audit: Audit the use of Backup and Restore privilege Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings. Audit: Shut down system immediately if unable to log security audits DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers when connecting to shared printers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Domain controller: Allow server operators to schedule tasks Domain controller: LDAP server signing requirements Domain controller: Refuse machine account password changes Domain member: Digitally encrypt or sign secure channel data (always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Domain member: Disable machine account password changes Domain member: Maximum machine account password age Domain member: Require strong (Windows 2000 or later) session key Interactive logon: Do not display last user name This security setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen. Interactive Logon: Display user information when session is locked Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Machine account threshold. The machine lockout policy is enforced only on those machines that have Bitlocker enabled for protecting OS volumes. Please ensure that Interactive logon: Machine inactivity limit. Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) Interactive logon: Prompt user to change password before expiration Interactive logon: Require Domain Controller authentication to unlock Interactive logon: Require smart card Interactive logon: Smart card removal behavior Microsoft network client: Digitally sign communications (always) Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to connect to third-party SMB servers Microsoft network server: Amount of idle time required before suspending a session Microsoft network server: Attempt S4U2Self to obtain claim information Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Microsoft network server: Server SPN target name validation level
Network access: Allow anonymous SID/name translation Network access: Do not allow anonymous enumeration of SAM accounts Network access: Do not allow anonymous enumeration of SAM accounts and shares Network access: Do not allow storage of credentials or .NET Passports for network authentication Network access: Let Everyone permissions apply to anonymous users Network access: Named pipes that can be accessed anonymously Network access: Remotely accessible registry paths Network access: Remotely accessible registry paths and subpaths Network access: Restrict anonymous access to Named Pipes and Shares Network access: Shares that can be accessed anonymously Network access: Sharing and security model for local accounts Network security: Do not store LAN Manager hash value on next password change Network security: Force logoff when logon hours expire Network security: LAN Manager authentication level
Network security: LDAP client signing requirements Network security: Minimum session security for NTLM SSP based (including secure RPC) clients Network security: Minimum session security for NTLM SSP based (including secure RPC) servers Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers Network security: Restrict NTLM: Incoming NTLM traffic Network security: Restrict NTLM: Audit Incoming NTLM Traffic Network security: Restrict NTLM: NTLM authentication in this domain Network security: Restrict NTLM: Audit NTLM authentication in this domain Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication Network security: Restrict NTLM: Add server exceptions in this domain Network security: Allow LocalSystem NULL session fallback Network security: Allow Local System to use computer identity for NTLM Network security: Allow PKU2U authentication requests to this computer to use online identities. Network security: Configure encryption types allowed for Kerberos Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Shutdown: Allow system to be shut down without having to log on Shutdown: Clear virtual memory pagefile System cryptography: Use FIPS 140 compliant cryptographic algorithms, including encryption, hashing and signing algorithms System Cryptography: Force strong key protection for user keys stored on the computer System objects: Default owner for objects created by members of the Administrators group Description System objects: Require case insensitivity for non-Windows subsystems System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) System settings: Optional subsystems System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies User Account Control: Admin Approval Mode for the Built-in Administrator account User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode User Account Control: Behavior of the elevation prompt for standard users This security setting determines the behavior of the elevation prompt for standard users User Account Control: Detect application installations and prompt for elevation User Account Control: Only elevate executables that are signed and validated User Account Control: Only elevate UIAccess applications that are installed in secure locations User Account Control: Run all users, including administrators, as standard users. User Account Control: Switch to the secure desktop when prompting for elevation User Account Control: Virtualizes file and registry write failures to per-user locations User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop. Maximum application log size Maximum security log size Maximum system log size Prevent local guests group and ANONYMOUS LOGIN users from accessing application log Prevent local guests group and ANONYMOUS LOGIN users from accessing security log Prevent local guests group and ANONYMOUS LOGIN users from accessing system log Retain application log Retain security log Retain system log Retention method for application log Retention method for security log Retention method for system log Restricted Groups System Services security settings Registry security settings File System security settings Reboot Required Comments No No No No No No No No No No clients will get the new setting after a maximum No clients will get the new setting after a maximum No clients will get the new setting after a maximum No clients will get the new setting after a maximum No clients will get the new setting after a maximum No No No No No No No No No No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Note: In Windows 2000 Server, Windows 2000 No Logoff required No Note: See also the corresponding Windows No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No Logoff required No No No No No Yes Yes No Yes No No No No No For the policy change to take effect, the spooler No No No Yes Restart of service might be sufficient No No No Important: In order to take advantage of this No No No No Important: This setting applies to Windows No No No No No No No No No No Important: This setting applies to Windows No Important: This setting will apply to any No Only LogOff is required for W2K, XP and W2K3 Yes Important: For this policy to take effect on Yes Yes Yes No Yes Important: For this policy to take effect on No No No No No Important: This policy has no impact on No No No Yes No Important: The Network access: No Important: On Windows XP, this Yes Yes No Important: This setting only affects computers No Important: Windows 2000 Service Pack 2 No No Important: This setting can affect the ability of Yes No Warning: This setting will apply to any No Warning: This setting will apply to any No No No No No No No No No No No No Require restart of recovery console No Require restart of recovery console No Requires logoff Yes Vista does NOT require reboot No Yes Requires reboot with CNG on Vista; Does not No This policy does not exist on Vista Yes Yes Yes No No No No No No No Yes No No No No Note: This setting does not appear in the Local No Note: This setting does not appear in the Local No Note: This setting does not appear in the Local No Notes: This setting does not appear in the No Notes: This setting does not appear in the No Note: This setting does not appear in the Local No Notes: This setting does not appear in the No Notes: This setting does not appear in the No Note: This setting does not appear in the Local No Note: This setting does not appear in the Local No Note: This setting does not appear in the Local No Note: This setting does not appear in the Local Note: This setting does not appear in the Local Note: This setting does not appear in the Local Note: This setting does not appear in the Local