Windows 10 ADMX Spreadsheet

Group Policy Settings Reference
Windows 10
This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files (.admx an
Windows Server 10 The policy settings included in this spreadsheet cover Windows 10, Windows Server 2012 R2, Windows Server 2012, Wi
Windows 8.1, Windows 8, Windows 7, Windows Vista with SP1,Windows XP Professional with SP2 or earlier service packs, and Microsoft W
These files are used to expose policy settings when you use the Group Policy Management Console (GPMC) to edit Group Policy Objects (G
You can use the filtering capabilities that are included in this spreadsheet to view a specific subset of data, based on one value or a combinat
in one or more of the columns. In addition, you can click Custom in the drop-down list of any of the column headings to add additional filtering
To view a specific subset of data, click the drop-down arrow in the column heading of cells that contain the value or combination of values on
and then click the desired value in the drop-down list. For example, to view policy settings that are available for Windows Server 2012 or Wind
Administrative Template worksheet, click the drop-down arrow next to Supported On, and then click At least Microsoft Windows Server
Legal Notice
This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change withou
Some examples depicted herein are provided for illustration only and are fictitious.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your inte
Ó 2015 Microsoft Corporation. All rights reserved.
Active Directory, Hyper-V, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server,
and Windows Vista are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.

nistrative template files (.admx and .adml) delivered with
12 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008,Windows Server 2003 with SP2 or earlier service packs,
r service packs, and Microsoft Windows 2000 with SP5 or earlier service packs.
C) to edit Group Policy Objects (GPOs).
based on one value or a combination of values that are available

headings to add additional filtering criteria within that column.
alue or combination of values on which you want to filter,
for Windows Server 2012 or Windows 8, in the
ast Microsoft Windows Server 2012 or Windows 8.
eb site references, may change without notice.
py and use this document for your internal, reference purposes.

r service packs,
File Name Policy Setting Name
activexinstallservice.admx Approved Installation Sites for ActiveX Controls
activexinstallservice.admx Establish ActiveX installation policy for sites in Trusted zones
addremoveprograms.admx Specify default category for Add New Programs
addremoveprograms.admx Hide the "Add a program from CD-ROM or floppy disk" option
addremoveprograms.admx Hide the "Add programs from Microsoft" option
addremoveprograms.admx Hide the "Add programs from your network" option
addremoveprograms.admx Hide Add New Programs page
addremoveprograms.admx Remove Add or Remove Programs
addremoveprograms.admx Hide the Set Program Access and Defaults page
addremoveprograms.admx Hide Change or Remove Programs page
addremoveprograms.admx Go directly to Components Wizard
addremoveprograms.admx Remove Support Information
addremoveprograms.admx Hide Add/Remove Windows Components page
allowbuildpreview.admx Toggle user control over Insider builds
appcompat.admx Prevent access to 16-bit applications
appcompat.admx Remove Program Compatibility Property Page
appcompat.admx Turn off Application Telemetry
appcompat.admx Turn off SwitchBack Compatibility Engine
appcompat.admx Turn off Application Compatibility Engine
appcompat.admx Turn off Program Compatibility Assistant
appcompat.admx Turn off Program Compatibility Assistant
appcompat.admx Turn off Steps Recorder
appcompat.admx Turn off Inventory Collector
appxpackagemanager.admx Allow all trusted apps to install
appxpackagemanager.admx Allow deployment operations in special profiles
appxpackagemanager.admx Allows development of Windows Store apps and installing them from an i
appxpackagemanager.admx Disable installing Windows apps on non-system volumes
appxpackagemanager.admx Prevent users' app data from being stored on non-system volumes
appxpackagemanager.admx Allow a Windows app to share application data between users
appxruntime.admx Block launching desktop apps associated with a file.
appxruntime.admx Block launching desktop apps associated with a file.
appxruntime.admx Block launching desktop apps associated with a URI scheme
appxruntime.admx Block launching desktop apps associated with a URI scheme
appxruntime.admx Allow Microsoft accounts to be optional
appxruntime.admx Turn on dynamic Content URI Rules for Windows store apps
appxruntime.admx Block launching Windows Store apps with Windows Runtime API access fr
attachmentmanager.admx Notify antivirus programs when opening attachments
attachmentmanager.admx Trust logic for file attachments
attachmentmanager.admx Do not preserve zone information in file attachments
attachmentmanager.admx Hide mechanisms to remove zone information
attachmentmanager.admx Default risk level for file attachments
attachmentmanager.admx Inclusion list for high risk file types
attachmentmanager.admx Inclusion list for low file types
attachmentmanager.admx Inclusion list for moderate risk file types
auditsettings.admx Include command line in process creation events
autoplay.admx Set the default behavior for AutoRun
autoplay.admx Set the default behavior for AutoRun
autoplay.admx Prevent AutoPlay from remembering user choices.
autoplay.admx Prevent AutoPlay from remembering user choices.
autoplay.admx Turn off Autoplay
autoplay.admx Turn off Autoplay
autoplay.admx Disallow Autoplay for non-volume devices
autoplay.admx Disallow Autoplay for non-volume devices
avsvalidationgp.admx Turn off KMS Client Online AVS Validation
biometrics.admx Allow the use of biometrics
biometrics.admx Allow users to log on using biometrics
biometrics.admx Allow domain users to log on using biometrics
biometrics.admx Specify timeout for fast user switching events
bits.admx Timeout for inactive BITS jobs
bits.admx Limit the maximum BITS job download time
bits.admx Limit the maximum network bandwidth for BITS background transfers
bits.admx Set up a work schedule to limit the maximum network bandwidth used for
bits.admx Set up a maintenance schedule to limit the maximum network bandwidth u
bits.admx Allow BITS Peercaching
bits.admx Limit the age of files in the BITS Peercache
bits.admx Limit the BITS Peercache size
bits.admx Do not allow the computer to act as a BITS Peercaching client
bits.admx Do not allow the computer to act as a BITS Peercaching server
bits.admx Limit the maximum network bandwidth used for Peercaching
bits.admx Set default download behavior for BITS jobs on costed networks
bits.admx Limit the maximum number of BITS jobs for this computer
bits.admx Limit the maximum number of BITS jobs for each user
bits.admx Limit the maximum number of files allowed in a BITS job
bits.admx Limit the maximum number of ranges that can be added to the file in a BIT
bits.admx Do not allow the BITS client to use Windows Branch Cache
ceipenable.admx Allow Corporate redirection of Customer Experience Improvement upload
ceipenable.admx Tag Windows Customer Experience Improvement data with Study Identifie
ciphersuiteorder.admx SSL Cipher Suite Order
ciphersuiteorder.admx ECC Curve Order
com.admx Download missing COM components
com.admx Download missing COM components
conf.admx Disable application Sharing
conf.admx Prevent Control
conf.admx Prevent Sharing
conf.admx Prevent Sharing Command Prompts
conf.admx Prevent Desktop Sharing
conf.admx Prevent Sharing Explorer windows
conf.admx Prevent Application Sharing in true color
conf.admx Disable Audio
conf.admx Prevent changing DirectSound Audio setting
conf.admx Disable full duplex Audio
conf.admx Prevent receiving Video
conf.admx Prevent sending Video
conf.admx Limit the bandwidth of Audio and Video
conf.admx Allow persisting automatic acceptance of Calls
conf.admx Disable Chat
conf.admx Disable Whiteboard
conf.admx Disable NetMeeting 2.x Whiteboard
conf.admx Disable remote Desktop Sharing
conf.admx Enable Automatic Configuration
conf.admx Prevent adding Directory servers
conf.admx Prevent automatic acceptance of Calls
conf.admx Prevent changing Call placement method
conf.admx Disable Directory services
conf.admx Prevent receiving files
conf.admx Prevent sending files
conf.admx Prevent viewing Web directory
conf.admx Limit the size of sent files
conf.admx Set the intranet support Web page
conf.admx Set Call Security options
conf.admx Disable the Advanced Calling button
conf.admx Hide the Audio page
conf.admx Hide the General page
conf.admx Hide the Security page
conf.admx Hide the Video page
controlpanel.admx Hide specified Control Panel items
controlpanel.admx Always open All Control Panel Items when opening Control Panel
controlpanel.admx Prohibit access to Control Panel and PC settings
controlpanel.admx Show only specified Control Panel items
controlpaneldisplay.admx Disable the Display Control Panel
controlpaneldisplay.admx Hide Settings tab
controlpaneldisplay.admx Prevent changing color and appearance
controlpaneldisplay.admx Prevent changing screen saver
controlpaneldisplay.admx Enable screen saver
controlpaneldisplay.admx Force specific screen saver
controlpaneldisplay.admx Password protect the screen saver
controlpaneldisplay.admx Screen saver timeout
controlpaneldisplay.admx Prevent changing desktop background
controlpaneldisplay.admx Prevent changing sounds
controlpaneldisplay.admx Prevent changing mouse pointers
controlpaneldisplay.admx Prevent changing desktop icons
controlpaneldisplay.admx Prevent changing color scheme
controlpaneldisplay.admx Prevent changing theme
controlpaneldisplay.admx Load a specific theme
controlpaneldisplay.admx Prevent changing visual style for windows and buttons
controlpaneldisplay.admx Force a specific visual style file or force Windows Classic
controlpaneldisplay.admx Prohibit selection of visual style font size
controlpaneldisplay.admx Do not display the lock screen
controlpaneldisplay.admx Prevent changing lock screen image
controlpaneldisplay.admx Prevent enabling lock screen slide show
controlpaneldisplay.admx Prevent enabling lock screen camera
controlpaneldisplay.admx Force a specific background and accent color
controlpaneldisplay.admx Force a specific Start background
controlpaneldisplay.admx Prevent changing start menu background
controlpaneldisplay.admx Force a specific default lock screen image
cpls.admx Apply the default account picture to all users
credentialproviders.admx Assign a default domain for logon
credentialproviders.admx Exclude credential providers
credentialproviders.admx Turn on PIN sign-in
credentialproviders.admx Turn off picture password sign-in
credentialproviders.admx Allow users to select when a password is required when resuming from c
credentialproviders.admx Assign a default credential provider
credssp.admx Allow delegating default credentials
credssp.admx Allow delegating default credentials with NTLM-only server authentication
credssp.admx Allow delegating fresh credentials
credssp.admx Allow delegating fresh credentials with NTLM-only server authentication
credssp.admx Allow delegating saved credentials
credssp.admx Allow delegating saved credentials with NTLM-only server authentication
credssp.admx Deny delegating default credentials
credssp.admx Deny delegating fresh credentials
credssp.admx Deny delegating saved credentials
credssp.admx Restrict delegation of credentials to remote servers
credui.admx Enumerate administrator accounts on elevation
credui.admx Require trusted path for credential entry
credui.admx Do not display the password reveal button
credui.admx Do not display the password reveal button
ctrlaltdel.admx Remove Change Password
ctrlaltdel.admx Remove Lock Computer
ctrlaltdel.admx Remove Task Manager
ctrlaltdel.admx Remove Logoff
datacollection.admx Allow Telemetry
datacollection.admx Disable pre-release features or settings
dcom.admx Allow local activation security check exemptions
dcom.admx Define Activation Security Check exemptions
DeliveryOptimization.admx Download Mode
DeliveryOptimization.admx Group ID
DeliveryOptimization.admx Max Upload Bandwidth
DeliveryOptimization.admx Max Cache Size
DeliveryOptimization.admx Max Cache Age
desktop.admx Enable Active Desktop
desktop.admx Disable Active Desktop
desktop.admx Prohibit changes
desktop.admx Add/Delete items
desktop.admx Prohibit adding items
desktop.admx Prohibit closing items
desktop.admx Prohibit deleting items
desktop.admx Prohibit editing items
desktop.admx Disable all items
desktop.admx Allow only bitmapped wallpaper
desktop.admx Desktop Wallpaper
desktop.admx Enable filter in Find dialog box
desktop.admx Hide Active Directory folder
desktop.admx Maximum size of Active Directory searches
desktop.admx Prohibit User from manually redirecting Profile Folders
desktop.admx Hide and disable all items on the desktop
desktop.admx Remove the Desktop Cleanup Wizard
desktop.admx Hide Internet Explorer icon on desktop
desktop.admx Remove Computer icon on the desktop
desktop.admx Remove My Documents icon on the desktop
desktop.admx Hide Network Locations icon on desktop
desktop.admx Remove Properties from the Computer icon context menu
desktop.admx Remove Properties from the Documents icon context menu
desktop.admx Do not add shares of recently opened documents to Network Locations
desktop.admx Remove Recycle Bin icon from desktop
desktop.admx Remove Properties from the Recycle Bin context menu
desktop.admx Don't save settings at exit
desktop.admx Prevent adding dragging dropping and closing the Taskbar's toolbars
desktop.admx Prohibit adjusting desktop toolbars
desktop.admx Turn off Aero Shake window minimizing mouse gesture
devicecompat.admx Device compatibility settings
devicecompat.admx Driver compatibility settings
deviceguard.admx Turn On Virtualization Based Security
deviceguard.admx Deploy Code Integrity Policy
deviceinstallation.admx Prioritize all digitally signed drivers equally during the driver ranking and
deviceinstallation.admx Configure device installation time-out
deviceinstallation.admx Prevent creation of a system restore point during device activity that wou
deviceinstallation.admx Allow remote access to the Plug and Play interface
deviceinstallation.admx Allow administrators to override Device Installation Restriction policies
deviceinstallation.admx Allow installation of devices using drivers that match these device setup cl
deviceinstallation.admx Prevent installation of devices using drivers that match these device setup
deviceinstallation.admx Allow installation of devices that match any of these device IDs
deviceinstallation.admx Prevent installation of devices that match any of these device IDs
deviceinstallation.admx Prevent installation of removable devices
deviceinstallation.admx Prevent installation of devices not described by other policy settings
deviceinstallation.admx Time (in seconds) to force reboot when required for policy changes to take
deviceinstallation.admx Display a custom message title when device installation is prevented by a p
deviceinstallation.admx Display a custom message when installation is prevented by a policy settin
deviceinstallation.admx Allow non-administrators to install drivers for these device setup classes
deviceinstallation.admx Code signing for device drivers
deviceredirection.admx Prevent redirection of USB devices
deviceredirection.admx Prevent redirection of devices that match any of these device Ids
devicesetup.admx Turn off "Found New Hardware" balloons during device installation
devicesetup.admx Do not send a Windows error report when a generic driver is installed on a
devicesetup.admx Prevent Windows from sending an error report when a device driver request
devicesetup.admx Configure driver search locations
devicesetup.admx Turn off Windows Update device driver search prompt
devicesetup.admx Turn off Windows Update device driver search prompt
devicesetup.admx Specify search order for device driver source locations
devicesetup.admx Specify the search server for device driver updates
devicesetup.admx Prevent device metadata retrieval from the Internet
dfs.admx Configure how often a DFS client discovers domain controllers
digitallocker.admx Do not allow Digital Locker to run
digitallocker.admx Do not allow Digital Locker to run
diskdiagnostic.admx Disk Diagnostic: Configure custom alert text
diskdiagnostic.admx Disk Diagnostic: Configure execution level
disknvcache.admx Turn off boot and resume optimizations
disknvcache.admx Turn off cache power mode
disknvcache.admx Turn off non-volatile cache feature
disknvcache.admx Turn off solid state mode
diskquota.admx Enable disk quotas
diskquota.admx Enforce disk quota limit
diskquota.admx Specify default quota limit and warning level
diskquota.admx Log event when quota limit is exceeded
diskquota.admx Log event when quota warning level is exceeded
diskquota.admx Apply policy to removable media
distributedlinktracking.admx Allow Distributed Link Tracking clients to use domain resources
dnsclient.admx Connection-specific DNS suffix
dnsclient.admx DNS servers
dnsclient.admx Primary DNS suffix
dnsclient.admx Register DNS records with connection-specific DNS suffix
dnsclient.admx Register PTR records
dnsclient.admx Dynamic update
dnsclient.admx Replace addresses in conflicts
dnsclient.admx Registration refresh interval
dnsclient.admx TTL value for A and PTR records
dnsclient.admx DNS suffix search list
dnsclient.admx Update security level
dnsclient.admx Update top level domain zones
dnsclient.admx Primary DNS suffix devolution
dnsclient.admx Primary DNS suffix devolution level
dnsclient.admx Turn off multicast name resolution
dnsclient.admx Allow DNS suffix appending to unqualified multi-label name queries
dnsclient.admx Turn off smart multi-homed name resolution
dnsclient.admx Turn off smart protocol reordering
dnsclient.admx Allow NetBT queries for fully qualified domain names
dnsclient.admx Prefer link local responses over DNS when received over a network with h
dnsclient.admx Turn off IDN encoding
dnsclient.admx IDN mapping
dwm.admx Do not allow window animations
dwm.admx Do not allow window animations
dwm.admx Do not allow Flip3D invocation
dwm.admx Do not allow Flip3D invocation
dwm.admx Use solid color for Start background
dwm.admx Specify a default color
dwm.admx Specify a default color
dwm.admx Do not allow color changes
dwm.admx Do not allow color changes
eaime.admx Turn on misconversion logging for misconversion report
eaime.admx Turn off saving auto-tuning data to file
eaime.admx Turn off history-based predictive input
eaime.admx Turn off Open Extended Dictionary
eaime.admx Turn off Internet search integration
eaime.admx Turn off custom dictionary
eaime.admx Restrict character code range of conversion
eaime.admx Do not include Non-Publishing Standard Glyph in the candidate list
eaime.admx Turn on cloud candidate
earlylauncham.admx Boot-Start Driver Initialization Policy
edgeui.admx Turn off switching between recent apps
edgeui.admx Turn off tracking of app usage
edgeui.admx Do not show recent apps when the mouse is pointing to the upper-left cor
edgeui.admx Search Share Start Devices and Settings don't appear when the mouse is po
edgeui.admx Prevent users from replacing the Command Prompt with Windows PowerShel
edgeui.admx Disable help tips
edgeui.admx Disable help tips
encryptfilesonmove.admx Do not automatically encrypt files moved to encrypted folders
enhancedstorage.admx Allow only USB root hub connected Enhanced Storage devices
enhancedstorage.admx Lock Enhanced Storage when the computer is locked
enhancedstorage.admx Do not allow non-Enhanced Storage removable devices
enhancedstorage.admx Do not allow password authentication of Enhanced Storage devices
enhancedstorage.admx Do not allow Windows to activate Enhanced Storage devices
enhancedstorage.admx Configure list of IEEE 1667 silos usable on your computer
enhancedstorage.admx Configure list of Enhanced Storage devices usable on your computer
errorreporting.admx Configure Error Reporting
errorreporting.admx Display Error Notification
errorreporting.admx Disable Windows Error Reporting
errorreporting.admx Disable Windows Error Reporting
errorreporting.admx Prevent display of the user interface for critical errors
errorreporting.admx Disable logging
errorreporting.admx Disable logging
errorreporting.admx Do not send additional data
errorreporting.admx Do not send additional data
errorreporting.admx Do not throttle additional data
errorreporting.admx Do not throttle additional data
errorreporting.admx Send additional data when on battery power
errorreporting.admx Send additional data when on battery power
errorreporting.admx Send data when on connected to a restricted/costed network
errorreporting.admx Send data when on connected to a restricted/costed network
errorreporting.admx Default application reporting settings
errorreporting.admx List of applications to never report errors for
errorreporting.admx List of applications to always report errors for
errorreporting.admx Report operating system errors
errorreporting.admx Configure Report Archive
errorreporting.admx Configure Report Archive
errorreporting.admx Configure Corporate Windows Error Reporting
errorreporting.admx List of applications to be excluded
errorreporting.admx List of applications to be excluded
errorreporting.admx Configure Report Queue
errorreporting.admx Configure Report Queue
errorreporting.admx Customize consent settings
errorreporting.admx Customize consent settings
errorreporting.admx Ignore custom consent settings
errorreporting.admx Ignore custom consent settings
eventforwarding.admx Configure target Subscription Manager
eventforwarding.admx Configure forwarder resource usage
eventlog.admx Back up log automatically when full
eventlog.admx Configure log access
eventlog.admx Configure log access (legacy)
eventlog.admx Control Event Log behavior when the log file reaches its maximum size
eventlog.admx Control the location of the log file
eventlog.admx Specify the maximum log file size (KB)
eventlog.admx Turn on logging
eventlogging.admx Enable Protected Event Logging
eventviewer.admx Events.asp program
eventviewer.admx Events.asp program command line parameters
eventviewer.admx Events.asp URL
explorer.admx Display the menu bar in File Explorer
explorer.admx Prevent users from adding files to the root of their Users Files folder.
explorer.admx Turn off common control and window animations
explorer.admx Turn off Data Execution Prevention for Explorer
explorer.admx Turn off heap termination on corruption
explorer.admx Set a support web page link
explorer.admx Turn off soft landing help tips
explorer.admx Do not reinitialize a pre-existing roamed user profile when it is loaded on a
externalboot.admx Windows To Go Default Startup Options
externalboot.admx Allow hibernate (S4) when starting from a Windows To Go workspace
externalboot.admx Disallow standby sleep states (S1-S3) when starting from a Windows to G
filehistory.admx Turn off File History
filerecovery.admx Configure Corrupted File Recovery behavior
filerevocation.admx Allow Windows Runtime apps to revoke enterprise data
fileservervssagent.admx Configure maximum age of file server shadow copies
fileservervssprovider.admx Allow or Disallow use of encryption to protect the RPC protocol messages
filesys.admx Selectively allow the evaluation of a symbolic link
filesys.admx Do not allow compression on all NTFS volumes
filesys.admx Do not allow encryption on all NTFS volumes
filesys.admx Enable NTFS pagefile encryption
filesys.admx Short name creation options
filesys.admx Disable delete notifications on all volumes
filesys.admx Enable / disable TXF deprecated features
folderredirection.admx Use localized subfolder names when redirecting Start Menu and My Docu
folderredirection.admx Do not automatically make all redirected folders available offline
folderredirection.admx Do not automatically make specific redirected folders available offline
folderredirection.admx Use localized subfolder names when redirecting Start Menu and My Docu
folderredirection.admx Enable optimized move of contents in Offline Files cache on Folder Redire
folderredirection.admx Redirect folders on primary computers only
folderredirection.admx Redirect folders on primary computers only
framepanes.admx Turn on or off details pane
framepanes.admx Turn off Preview Pane
fthsvc.admx Configure Scenario Execution Level
gamedvr.admx Enables or disables Windows Game Recording and Broadcasting
gameexplorer.admx Turn off downloading of game information
gameexplorer.admx Turn off tracking of last play time of games in the Games folder
gameexplorer.admx Turn off game updates
globalization.admx Disallow selection of Custom Locales
globalization.admx Disallow selection of Custom Locales
globalization.admx Restrict system locales
globalization.admx Disallow copying of user input methods to the system account for sign-in
globalization.admx Restrict user locales
globalization.admx Restrict user locales
globalization.admx Disallow changing of geographic location
globalization.admx Disallow changing of geographic location
globalization.admx Disallow user override of locale settings
globalization.admx Disallow user override of locale settings
globalization.admx Hide Regional and Language Options administrative options
globalization.admx Hide the geographic location option
globalization.admx Hide the select language group options
globalization.admx Hide user locale selection and customization options
globalization.admx Restricts the UI language Windows uses for all logged users
globalization.admx Restricts the UI languages Windows should use for the selected user
globalization.admx Force selected system UI language to overwrite the user UI language
globalization.admx Restrict selection of Windows menus and dialogs language
globalization.admx Turn off offer text predictions as I type
globalization.admx Turn off insert a space after selecting a text prediction
globalization.admx Turn off autocorrect misspelled words
globalization.admx Turn off highlight misspelled words
globalization.admx Block clean-up of unused language packs
globalization.admx Allow input personalization
globalization.admx Century interpretation for Year 2000
globalization.admx Turn off automatic learning
globalization.admx Turn off automatic learning
grouppolicy-server.admx Allow asynchronous user Group Policy processing when logging on throug
grouppolicy.admx Untrusted Font Blocking
grouppolicy.admx Configure Group Policy Caching
grouppolicy.admx Enable Group Policy Caching for Servers
grouppolicy.admx Configure Logon Script Delay
grouppolicy.admx Enable AD/DFS domain controller synchronization during policy refresh
grouppolicy.admx Turn off Group Policy Client Service AOAC optimization
grouppolicy.admx Configure Direct Access connections as a fast network connection
grouppolicy.admx Change Group Policy processing to run asynchronously when a slow networ
grouppolicy.admx Turn off Local Group Policy Objects processing
grouppolicy.admx Specify startup policy processing wait time
grouppolicy.admx Allow cross-forest user policy and roaming user profiles
grouppolicy.admx Configure software Installation policy processing
grouppolicy.admx Configure disk quota policy processing
grouppolicy.admx Configure EFS recovery policy processing
grouppolicy.admx Configure folder redirection policy processing
grouppolicy.admx Configure Internet Explorer Maintenance policy processing
grouppolicy.admx Configure IP security policy processing
grouppolicy.admx Configure registry policy processing
grouppolicy.admx Configure scripts policy processing
grouppolicy.admx Configure security policy processing
grouppolicy.admx Configure wireless policy processing
grouppolicy.admx Configure wired policy processing
grouppolicy.admx Determine if interactive users can generate Resultant Set of Policy data
grouppolicy.admx Determine if interactive users can generate Resultant Set of Policy data
grouppolicy.admx Turn off automatic update of ADM files
grouppolicy.admx Turn off background refresh of Group Policy
grouppolicy.admx Remove users' ability to invoke machine policy refresh
grouppolicy.admx Enforce Show Policies Only
grouppolicy.admx Configure Group Policy domain controller selection
grouppolicy.admx Configure Group Policy slow link detection
grouppolicy.admx Configure Group Policy slow link detection
grouppolicy.admx Set Group Policy refresh interval for computers
grouppolicy.admx Set Group Policy refresh interval for domain controllers
grouppolicy.admx Set Group Policy refresh interval for users
grouppolicy.admx Set default name for new Group Policy objects
grouppolicy.admx Create new Group Policy Object links disabled by default
grouppolicy.admx Always use local ADM files for Group Policy Object Editor
grouppolicy.admx Turn off Resultant Set of Policy logging
grouppolicy.admx Configure user Group Policy loopback processing mode
grouppolicy.admx Specify workplace connectivity wait time for policy processing
grouppolicypreferences.admx Configure Applications preference extension policy processing
grouppolicypreferences.admx Configure Applications preference logging and tracing
grouppolicypreferences.admx Configure Data Sources preference extension policy processing
grouppolicypreferences.admx Configure Data Sources preference logging and tracing
grouppolicypreferences.admx Configure Devices preference extension policy processing
grouppolicypreferences.admx Configure Devices preference logging and tracing
grouppolicypreferences.admx Configure Drive Maps preference extension policy processing
grouppolicypreferences.admx Configure Drive Maps preference logging and tracing
grouppolicypreferences.admx Configure Environment preference extension policy processing
grouppolicypreferences.admx Configure Environment preference logging and tracing
grouppolicypreferences.admx Configure Files preference extension policy processing
grouppolicypreferences.admx Configure Files preference logging and tracing
grouppolicypreferences.admx Configure Folder Options preference extension policy processing
grouppolicypreferences.admx Configure Folder Options preference logging and tracing
grouppolicypreferences.admx Configure Folders preference extension policy processing
grouppolicypreferences.admx Configure Folders preference logging and tracing
grouppolicypreferences.admx Configure Ini Files preference extension policy processing
grouppolicypreferences.admx Configure Ini Files preference logging and tracing
grouppolicypreferences.admx Configure Internet Settings preference extension policy processing
grouppolicypreferences.admx Configure Internet Settings preference logging and tracing
grouppolicypreferences.admx Configure Local Users and Groups preference extension policy processing
grouppolicypreferences.admx Configure Local Users and Groups preference logging and tracing
grouppolicypreferences.admx Configure Network Options preference extension policy processing
grouppolicypreferences.admx Configure Network Options preference logging and tracing
grouppolicypreferences.admx Configure Network Shares preference extension policy processing
grouppolicypreferences.admx Configure Network Shares preference logging and tracing
grouppolicypreferences.admx Configure Power Options preference extension policy processing
grouppolicypreferences.admx Configure Power Options preference logging and tracing
grouppolicypreferences.admx Configure Printers preference extension policy processing
grouppolicypreferences.admx Configure Printers preference logging and tracing
grouppolicypreferences.admx Configure Regional Options preference extension policy processing
grouppolicypreferences.admx Configure Regional Options preference logging and tracing
grouppolicypreferences.admx Configure Registry preference extension policy processing
grouppolicypreferences.admx Configure Registry preference logging and tracing
grouppolicypreferences.admx Configure Scheduled Tasks preference extension policy processing
grouppolicypreferences.admx Configure Scheduled Tasks preference logging and tracing
grouppolicypreferences.admx Configure Services preference extension policy processing
grouppolicypreferences.admx Configure Services preference logging and tracing
grouppolicypreferences.admx Configure Shortcuts preference extension policy processing
grouppolicypreferences.admx Configure Shortcuts preference logging and tracing
grouppolicypreferences.admx Configure Start Menu preference extension policy processing
grouppolicypreferences.admx Configure Start Menu preference logging and tracing
grouppolicypreferences.admx Permit use of Application snap-ins
grouppolicypreferences.admx Permit use of Applications preference extension
grouppolicypreferences.admx Permit use of Control Panel Settings (Computers)
grouppolicypreferences.admx Permit use of Data Sources preference extension
grouppolicypreferences.admx Permit use of Devices preference extension
grouppolicypreferences.admx Permit use of Drive Maps preference extension
grouppolicypreferences.admx Permit use of Environment preference extension
grouppolicypreferences.admx Permit use of Files preference extension
grouppolicypreferences.admx Permit use of Folders preference extension
grouppolicypreferences.admx Permit use of Folder Options preference extension
grouppolicypreferences.admx Permit use of Ini Files preference extension
grouppolicypreferences.admx Permit use of Internet Settings preference extension
grouppolicypreferences.admx Permit use of Local Users and Groups preference extension
grouppolicypreferences.admx Permit use of Network Options preference extension
grouppolicypreferences.admx Permit use of Network Shares preference extension
grouppolicypreferences.admx Permit use of Power Options preference extension
grouppolicypreferences.admx Permit use of Printers preference extension
grouppolicypreferences.admx Permit use of Regional Options preference extension
grouppolicypreferences.admx Permit use of Registry preference extension
grouppolicypreferences.admx Permit use of Scheduled Tasks preference extension
grouppolicypreferences.admx Permit use of Services preference extension
grouppolicypreferences.admx Permit use of Shortcuts preference extension
grouppolicypreferences.admx Permit use of Start Menu preference extension
grouppolicypreferences.admx Permit use of Control Panel Settings (Users)
grouppolicypreferences.admx Permit use of Preferences tab
help.admx Restrict potentially unsafe HTML Help functions to specified folders
help.admx Restrict these programs from being launched from Help
help.admx Restrict these programs from being launched from Help
help.admx Turn off Data Execution Prevention for HTML Help Executible
helpandsupport.admx Turn off Active Help
helpandsupport.admx Turn off Help Ratings
helpandsupport.admx Turn off Help Experience Improvement Program
helpandsupport.admx Turn off Windows Online
hotspotauth.admx Enable Hotspot Authentication
icm.admx Restrict Internet communication
icm.admx Restrict Internet communication
icm.admx Turn off Automatic Root Certificates Update
icm.admx Turn off printing over HTTP
icm.admx Turn off printing over HTTP
icm.admx Turn off downloading of print drivers over HTTP
icm.admx Turn off downloading of print drivers over HTTP
icm.admx Turn off Windows Update device driver searching
icm.admx Turn off Event Viewer "Events.asp" links
icm.admx Turn off Help and Support Center "Did you know?" content
icm.admx Turn off Help and Support Center Microsoft Knowledge Base search
icm.admx Turn off Internet Connection Wizard if URL connection is referring to Micr
icm.admx Turn off Registration if URL connection is referring to Microsoft.com
icm.admx Turn off Windows Error Reporting
icm.admx Turn off access to all Windows Update features
icm.admx Turn off Search Companion content file updates
icm.admx Turn off Internet File Association service
icm.admx Turn off Internet File Association service
icm.admx Turn off access to the Store
icm.admx Turn off access to the Store
icm.admx Turn off Internet download for Web publishing and online ordering wizard
icm.admx Turn off Internet download for Web publishing and online ordering wizard
icm.admx Turn off the "Order Prints" picture task
icm.admx Turn off the "Order Prints" picture task
icm.admx Turn off the "Publish to Web" task for files and folders
icm.admx Turn off the "Publish to Web" task for files and folders
icm.admx Turn off the Windows Messenger Customer Experience Improvement Pro
icm.admx Turn off the Windows Messenger Customer Experience Improvement Pro
icm.admx Turn off Windows Customer Experience Improvement Program
icm.admx Turn off Windows Network Connectivity Status Indicator active tests
iis.admx Prevent IIS installation
inetres.admx Audio/Video Player
inetres.admx Carpoint
inetres.admx DHTML Edit Control
inetres.admx Shockwave Flash
inetres.admx Investor
inetres.admx Menu Controls
inetres.admx Microsoft Agent
inetres.admx Microsoft Chat
inetres.admx MSNBC
inetres.admx NetShow File Transfer Control
inetres.admx Microsoft Scriptlet Component
inetres.admx Microsoft Survey Control
inetres.admx Turn off the flip ahead with page prediction feature
inetres.admx Turn off the flip ahead with page prediction feature
inetres.admx Turn off loading websites and content in the background to optimize perf
inetres.admx Turn off loading websites and content in the background to optimize perf
inetres.admx Allow active content from CDs to run on user machines
inetres.admx Allow active content from CDs to run on user machines
inetres.admx Check for server certificate revocation
inetres.admx Check for server certificate revocation
inetres.admx Turn off ClearType
inetres.admx Turn off ClearType
inetres.admx Turn on Caret Browsing support
inetres.admx Turn on Caret Browsing support
inetres.admx Turn on Enhanced Protected Mode
inetres.admx Turn on Enhanced Protected Mode
inetres.admx Turn on 64-bit tab processes when running in Enhanced Protected Mode o
inetres.admx Turn on 64-bit tab processes when running in Enhanced Protected Mode o
inetres.admx Do not allow ActiveX controls to run in Protected Mode when Enhanced P
inetres.admx Do not allow ActiveX controls to run in Protected Mode when Enhanced P
inetres.admx Always send Do Not Track header
inetres.admx Always send Do Not Track header
inetres.admx Use HTTP 1.1
inetres.admx Use HTTP 1.1
inetres.admx Use HTTP 1.1 through proxy connections
inetres.admx Use HTTP 1.1 through proxy connections
inetres.admx Allow Internet Explorer to use the HTTP2 network protocol
inetres.admx Allow Internet Explorer to use the HTTP2 network protocol
inetres.admx Allow fallback to SSL 3.0 (Internet Explorer)
inetres.admx Turn off encryption support
inetres.admx Turn off encryption support
inetres.admx Do not allow resetting Internet Explorer settings
inetres.admx Do not allow resetting Internet Explorer settings
inetres.admx Check for signatures on downloaded programs
inetres.admx Check for signatures on downloaded programs
inetres.admx Allow third-party browser extensions
inetres.admx Allow third-party browser extensions
inetres.admx Allow Install On Demand (Internet Explorer)
inetres.admx Allow Install On Demand (Internet Explorer)
inetres.admx Allow Install On Demand (except Internet Explorer)
inetres.admx Allow Install On Demand (except Internet Explorer)
inetres.admx Automatically check for Internet Explorer updates
inetres.admx Automatically check for Internet Explorer updates
inetres.admx Allow software to run or install even if the signature is invalid
inetres.admx Allow software to run or install even if the signature is invalid
inetres.admx Play animations in web pages
inetres.admx Play animations in web pages
inetres.admx Play sounds in web pages
inetres.admx Play sounds in web pages
inetres.admx Play videos in web pages
inetres.admx Play videos in web pages
inetres.admx Turn off Profile Assistant
inetres.admx Turn off Profile Assistant
inetres.admx Do not save encrypted pages to disk
inetres.admx Do not save encrypted pages to disk
inetres.admx Empty Temporary Internet Files folder when browser is closed
inetres.admx Empty Temporary Internet Files folder when browser is closed
inetres.admx Show Content Advisor on Internet Options
inetres.admx Show Content Advisor on Internet Options
inetres.admx Turn on inline AutoComplete
inetres.admx Turn off inline AutoComplete in File Explorer
inetres.admx Go to an intranet site for a one-word entry in the Address bar
inetres.admx Go to an intranet site for a one-word entry in the Address bar
inetres.admx Turn on script debugging
inetres.admx Turn off details in messages about Internet connection problems
inetres.admx Turn off page transitions
inetres.admx Turn on the display of script errors
inetres.admx Turn off smooth scrolling
inetres.admx Turn off configuring underline links
inetres.admx Turn off phone number detection
inetres.admx Turn off phone number detection
inetres.admx Subscription Limits
inetres.admx Disable adding channels
inetres.admx Disable adding schedules for offline pages
inetres.admx Disable offline page hit logging
inetres.admx Disable channel user interface completely
inetres.admx Disable editing and creating of schedule groups
inetres.admx Disable editing schedules for offline pages
inetres.admx Disable removing channels
inetres.admx Disable removing schedules for offline pages
inetres.admx Disable all scheduled offline pages
inetres.admx Disable downloading of site subscription content
inetres.admx Prevent specifying the code download path for each computer
inetres.admx Prevent choosing default text size
inetres.admx Disable the Advanced page
inetres.admx Disable the Advanced page
inetres.admx Disable the Connections page
inetres.admx Disable the Connections page
inetres.admx Disable the Content page
inetres.admx Disable the Content page
inetres.admx Disable the General page
inetres.admx Disable the General page
inetres.admx Disable the Privacy page
inetres.admx Disable the Privacy page
inetres.admx Disable the Programs page
inetres.admx Disable the Programs page
inetres.admx Disable the Security page
inetres.admx Disable the Security page
inetres.admx Send internationalized domain names
inetres.admx Send internationalized domain names
inetres.admx Turn off sending UTF-8 query strings for URLs
inetres.admx Turn off sending UTF-8 query strings for URLs
inetres.admx Use UTF-8 for mailto links
inetres.admx Use UTF-8 for mailto links
inetres.admx Prevent ignoring certificate errors
inetres.admx Prevent ignoring certificate errors
inetres.admx Turn off sending URL path as UTF-8
inetres.admx Prevent specifying background color
inetres.admx Prevent specifying text color
inetres.admx Prevent the use of Windows colors
inetres.admx Prevent specifying cipher strength update information URLs
inetres.admx Start the Internet Connection Wizard automatically
inetres.admx Turn on ActiveX control logging in Internet Explorer
inetres.admx Turn on ActiveX control logging in Internet Explorer
inetres.admx Remove "Run this time" button for outdated ActiveX controls in Internet Ex
inetres.admx Remove "Run this time" button for outdated ActiveX controls in Internet Ex
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer on spe
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer on spe
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer
inetres.admx Turn off blocking of outdated ActiveX controls for Internet Explorer
inetres.admx Add-on List
inetres.admx Add-on List
inetres.admx Deny all add-ons unless specifically allowed in the Add-on List
inetres.admx Deny all add-ons unless specifically allowed in the Add-on List
inetres.admx All Processes
inetres.admx Process List
inetres.admx Admin-approved behaviors
inetres.admx Admin-approved behaviors
inetres.admx Install binaries signed by MD2 and MD4 signing technologies
inetres.admx Install binaries signed by MD2 and MD4 signing technologies
inetres.admx Internet Explorer Processes
inetres.admx Internet Zone Restricted Protocols
inetres.admx Internet Zone Restricted Protocols
inetres.admx Intranet Zone Restricted Protocols
inetres.admx Intranet Zone Restricted Protocols
inetres.admx Local Machine Zone Restricted Protocols
inetres.admx Local Machine Zone Restricted Protocols
inetres.admx Restricted Sites Zone Restricted Protocols
inetres.admx Restricted Sites Zone Restricted Protocols
inetres.admx Trusted Sites Zone Restricted Protocols
inetres.admx Trusted Sites Zone Restricted Protocols
inetres.admx Turn off Crash Detection
inetres.admx Turn off Crash Detection
inetres.admx Allow Microsoft services to provide enhanced suggestions as the user type
inetres.admx Allow Microsoft services to provide enhanced suggestions as the user type
inetres.admx Turn off Automatic Crash Recovery
inetres.admx Turn off Automatic Crash Recovery
inetres.admx Turn off Reopen Last Browsing Session
inetres.admx Turn off Reopen Last Browsing Session
inetres.admx Do not allow users to enable or disable add-ons
inetres.admx Do not allow users to enable or disable add-ons
inetres.admx Add a specific list of search providers to the user's list of search providers
inetres.admx Add a specific list of search providers to the user's list of search providers
inetres.admx Turn on menu bar by default
inetres.admx Turn on menu bar by default
inetres.admx Turn off Favorites bar
inetres.admx Turn off Favorites bar
inetres.admx Disable caching of Auto-Proxy scripts
inetres.admx Disable external branding of Internet Explorer
inetres.admx Disable changing Advanced page settings
inetres.admx Customize user agent string
inetres.admx Customize user agent string
inetres.admx Use Automatic Detection for dial-up connections
inetres.admx Prevent "Fix settings" functionality
inetres.admx Prevent "Fix settings" functionality
inetres.admx Prevent managing the phishing filter
inetres.admx Prevent managing the phishing filter
inetres.admx Turn off Managing SmartScreen Filter for Internet Explorer 8
inetres.admx Turn off Managing SmartScreen Filter for Internet Explorer 8
inetres.admx Prevent managing SmartScreen Filter
inetres.admx Prevent managing SmartScreen Filter
inetres.admx Prevent bypassing SmartScreen Filter warnings
inetres.admx Prevent bypassing SmartScreen Filter warnings
inetres.admx Prevent bypassing SmartScreen Filter warnings about files that are not
inetres.admx Prevent bypassing SmartScreen Filter warnings about files that are not
inetres.admx Turn off the Security Settings Check feature
inetres.admx Turn off the Security Settings Check feature
inetres.admx Position the menu bar above the navigation bar
inetres.admx Prevent changing pop-up filter level
inetres.admx Prevent changing pop-up filter level
inetres.admx Display error message on proxy script download failure
inetres.admx Turn on compatibility logging
inetres.admx Turn on compatibility logging
inetres.admx Enforce full-screen mode
inetres.admx Enforce full-screen mode
inetres.admx Disable Import/Export Settings wizard
inetres.admx Disable Import/Export Settings wizard
inetres.admx Turn off browser geolocation
inetres.admx Turn off browser geolocation
inetres.admx Turn off Adobe Flash in Internet Explorer and prevent applications from us
inetres.admx Turn off Adobe Flash in Internet Explorer and prevent applications from us
inetres.admx Turn off page-zooming functionality
inetres.admx Turn off page-zooming functionality
inetres.admx Identity Manager: Prevent users from using Identities
inetres.admx Automatically activate newly installed add-ons
inetres.admx Automatically activate newly installed add-ons
inetres.admx Turn off add-on performance notifications
inetres.admx Turn off add-on performance notifications
inetres.admx Turn on ActiveX Filtering
inetres.admx Turn on ActiveX Filtering
inetres.admx Configure Media Explorer Bar
inetres.admx Prevent access to Delete Browsing History
inetres.admx Prevent access to Delete Browsing History
inetres.admx Prevent deleting form data
inetres.admx Prevent deleting form data
inetres.admx Prevent deleting passwords
inetres.admx Prevent deleting passwords
inetres.admx Prevent deleting cookies
inetres.admx Prevent deleting cookies
inetres.admx Prevent deleting websites that the user has visited
inetres.admx Prevent deleting websites that the user has visited
inetres.admx Prevent deleting download history
inetres.admx Prevent deleting download history
inetres.admx Prevent deleting temporary Internet files
inetres.admx Prevent deleting temporary Internet files
inetres.admx Prevent deleting InPrivate Filtering data
inetres.admx Prevent deleting InPrivate Filtering data
inetres.admx Prevent deleting ActiveX Filtering Tracking Protection and Do Not Track da
inetres.admx Prevent deleting ActiveX Filtering Tracking Protection and Do Not Track da
inetres.admx Prevent deleting favorites site data
inetres.admx Prevent deleting favorites site data
inetres.admx Allow deleting browsing history on exit
inetres.admx Allow deleting browsing history on exit
inetres.admx Prevent running First Run wizard
inetres.admx Prevent running First Run wizard
inetres.admx Prevent access to Internet Explorer Help
inetres.admx Prevent access to Internet Explorer Help
inetres.admx Prevent Internet Explorer Search box from appearing
inetres.admx Prevent Internet Explorer Search box from appearing
inetres.admx Turn off suggestions for all user-installed providers
inetres.admx Turn off suggestions for all user-installed providers
inetres.admx Turn off the quick pick menu
inetres.admx Turn off the quick pick menu
inetres.admx Disable Automatic Install of Internet Explorer components
inetres.admx Set tab process growth
inetres.admx Set tab process growth
inetres.admx Allow Internet Explorer 8 shutdown behavior
inetres.admx Allow Internet Explorer 8 shutdown behavior
inetres.admx Specify default behavior for a new tab
inetres.admx Specify default behavior for a new tab
inetres.admx Turn off Tab Grouping
inetres.admx Turn off Quick Tabs functionality
inetres.admx Turn off Quick Tabs functionality
inetres.admx Prevent changing the default search provider
inetres.admx Prevent changing the default search provider
inetres.admx Disable showing the splash screen
inetres.admx Turn off tabbed browsing
inetres.admx Turn off tabbed browsing
inetres.admx Turn off configuration of pop-up windows in tabbed browsing
inetres.admx Turn off configuration of pop-up windows in tabbed browsing
inetres.admx Disable Periodic Check for Internet Explorer software updates
inetres.admx Prevent configuration of how windows open
inetres.admx Prevent configuration of how windows open
inetres.admx Configure Outlook Express
inetres.admx Pop-up allow list
inetres.admx Pop-up allow list
inetres.admx Disable changing accessibility settings
inetres.admx Disable changing Automatic Configuration settings
inetres.admx Disable changing Automatic Configuration settings
inetres.admx Disable changing Temporary Internet files settings
inetres.admx Disable changing Calendar and Contact settings
inetres.admx Disable changing certificate settings
inetres.admx Disable changing default browser check
inetres.admx Notify users if Internet Explorer is not the default web browser
inetres.admx Disable changing color settings
inetres.admx Disable changing connection settings
inetres.admx Disable changing connection settings
inetres.admx Disable Internet Connection wizard
inetres.admx Disable changing font settings
inetres.admx Disable AutoComplete for forms
inetres.admx Turn on the auto-complete feature for user names and passwords on form
inetres.admx Disable "Configuring History"
inetres.admx Disable "Configuring History"
inetres.admx Disable changing home page settings
inetres.admx Disable changing secondary home page settings
inetres.admx Disable changing secondary home page settings
inetres.admx Disable changing language settings
inetres.admx Disable changing link color settings
inetres.admx Disable changing Messaging settings
inetres.admx Prevent managing pop-up exception list
inetres.admx Prevent managing pop-up exception list
inetres.admx Turn off pop-up management
inetres.admx Turn off pop-up management
inetres.admx Disable changing Profile Assistant settings
inetres.admx Prevent changing proxy settings
inetres.admx Prevent changing proxy settings
inetres.admx Disable changing ratings settings
inetres.admx Disable the Reset Web Settings feature
inetres.admx Prevent the deletion of temporary Internet files and cookies
inetres.admx Prevent the deletion of temporary Internet files and cookies
inetres.admx Turn off the auto-complete feature for web addresses
inetres.admx Turn off the auto-complete feature for web addresses
inetres.admx Turn off Windows Search AutoComplete
inetres.admx Turn off Windows Search AutoComplete
inetres.admx Turn off URL Suggestions
inetres.admx Turn off URL Suggestions
inetres.admx Search: Disable Find Files via F3 within the browser
inetres.admx Search: Disable Search Customization
inetres.admx Security Zones: Use only machine settings
inetres.admx Security Zones: Do not allow users to change policies
inetres.admx Security Zones: Do not allow users to add/delete sites
inetres.admx Disable software update shell notifications on program launch
inetres.admx Restrict search providers to a specific list
inetres.admx Restrict search providers to a specific list
inetres.admx Prevent participation in the Customer Experience Improvement Program
inetres.admx Prevent participation in the Customer Experience Improvement Program
inetres.admx Prevent configuration of new tab creation
inetres.admx Prevent configuration of new tab creation
inetres.admx Make proxy settings per-machine (rather than per-user)
inetres.admx Allow websites to open windows without status bar or Address bar
inetres.admx Allow video and animation on a webpage that uses an older media player
inetres.admx Allow scriptlets
inetres.admx Turn off first-run prompt
inetres.admx Include local path when user is uploading files to a server
inetres.admx Turn on SmartScreen Filter scan
inetres.admx Allow websites to prompt for information by using scripted windows
inetres.admx Allow updates to status bar via script
inetres.admx Turn on Protected Mode
inetres.admx Show security warning for potentially unsafe files
inetres.admx Allow loading of XAML Browser Applications
inetres.admx Allow scripting of Internet Explorer WebBrowser controls
inetres.admx Turn off .NET Framework Setup
inetres.admx Allow loading of XAML files
inetres.admx Allow loading of XPS files
inetres.admx Access data sources across domains
inetres.admx Allow active scripting
inetres.admx Allow only approved domains to use ActiveX controls without prompt
inetres.admx Allow META REFRESH
inetres.admx Allow cut copy or paste operations from the clipboard via script
inetres.admx Allow binary and script behaviors
inetres.admx Use Pop-up Blocker
inetres.admx Display mixed content
inetres.admx Download signed ActiveX controls
inetres.admx Download unsigned ActiveX controls
inetres.admx Allow drag and drop or copy and paste files
inetres.admx Render legacy filters
inetres.admx Allow file downloads
inetres.admx Allow font downloads
inetres.admx Allow installation of desktop items
inetres.admx Java permissions
inetres.admx Launching applications and files in an IFRAME
inetres.admx Logon options
inetres.admx Enable MIME Sniffing
inetres.admx Enable dragging of content from different domains within a window
inetres.admx Enable dragging of content from different domains across windows
inetres.admx Navigate windows and frames across different domains
inetres.admx Allow active content over restricted protocols to access my computer
inetres.admx Do not prompt for client certificate selection when no certificates or only o
inetres.admx Automatic prompting for ActiveX controls
inetres.admx Automatic prompting for file downloads
inetres.admx Run ActiveX controls and plugins
inetres.admx Script ActiveX controls marked safe for scripting
inetres.admx Don't run antimalware programs against ActiveX controls
inetres.admx Initialize and script ActiveX controls not marked as safe
inetres.admx Scripting of Java applets
inetres.admx Run .NET Framework-reliant components signed with Authenticode
inetres.admx Software channel permissions
inetres.admx Submit non-encrypted form data
inetres.admx Turn on Cross-Site Scripting Filter
inetres.admx Run .NET Framework-reliant components not signed with Authenticode
inetres.admx Userdata persistence
inetres.admx Allow script-initiated windows without size or position constraints
inetres.admx Web sites in less privileged Web content zones can navigate into this zone
inetres.admx Intranet Sites: Include all local (intranet) sites not listed in other zones
inetres.admx Intranet Sites: Include all local (intranet) sites not listed in other zones
inetres.admx Turn on certificate address mismatch warning
inetres.admx Turn on certificate address mismatch warning
inetres.admx Locked-Down Internet Zone Template
inetres.admx Locked-Down Internet Zone Template
inetres.admx Internet Zone Template
inetres.admx Internet Zone Template
inetres.admx Locked-Down Intranet Zone Template
inetres.admx Locked-Down Intranet Zone Template
inetres.admx Intranet Zone Template
inetres.admx Intranet Zone Template
inetres.admx Locked-Down Local Machine Zone Template
inetres.admx Locked-Down Local Machine Zone Template
inetres.admx Local Machine Zone Template
inetres.admx Local Machine Zone Template
inetres.admx Locked-Down Restricted Sites Zone Template
inetres.admx Locked-Down Restricted Sites Zone Template
inetres.admx Restricted Sites Zone Template
inetres.admx Restricted Sites Zone Template
inetres.admx Locked-Down Trusted Sites Zone Template
inetres.admx Locked-Down Trusted Sites Zone Template
inetres.admx Trusted Sites Zone Template
inetres.admx Trusted Sites Zone Template
inetres.admx Intranet Sites: Include all sites that bypass the proxy server
inetres.admx Intranet Sites: Include all sites that bypass the proxy server
inetres.admx Intranet Sites: Include all network paths (UNCs)
inetres.admx Intranet Sites: Include all network paths (UNCs)
inetres.admx Site to Zone Assignment List
inetres.admx Site to Zone Assignment List
inetres.admx Turn on automatic detection of intranet
inetres.admx Turn on automatic detection of intranet
inetres.admx Turn on Notification bar notification for intranet content
inetres.admx Turn on Notification bar notification for intranet content
inetres.admx Prevent specifying the hover color
inetres.admx Prevent specifying the color of links that have not yet been clicked
inetres.admx Prevent specifying the color of links that have already been clicked
inetres.admx Turn on the hover color option
inetres.admx File menu: Disable closing the browser and Explorer windows
inetres.admx File menu: Disable Save As... menu option
inetres.admx File menu: Disable Save As Web Page Complete
inetres.admx File menu: Disable New menu option
inetres.admx File menu: Disable Open menu option
inetres.admx Help menu: Remove 'Send Feedback' menu option
inetres.admx Help menu: Remove 'For Netscape Users' menu option
inetres.admx Help menu: Remove 'Tip of the Day' menu option
inetres.admx Help menu: Remove 'Tour' menu option
inetres.admx Turn off Shortcut Menu
inetres.admx Hide Favorites menu
inetres.admx Disable Open in New Window menu option
inetres.admx Disable Save this program to disk option
inetres.admx Turn off Print Menu
inetres.admx Turn off Print Menu
inetres.admx Tools menu: Disable Internet Options... menu option
inetres.admx Turn off the ability to launch report site problems using a menu option
inetres.admx Turn off the ability to launch report site problems using a menu option
inetres.admx View menu: Disable Full Screen menu option
inetres.admx View menu: Disable Source menu option
inetres.admx Turn off automatic image resizing
inetres.admx Turn off image display
inetres.admx Allow Internet Explorer to play media files that use alternative codecs
inetres.admx Allow Internet Explorer to play media files that use alternative codecs
inetres.admx Allow the display of image download placeholders
inetres.admx Turn off smart image dithering
inetres.admx File size limits for Local Machine zone
inetres.admx File size limits for Intranet zone
inetres.admx File size limits for Trusted Sites zone
inetres.admx File size limits for Internet zone
inetres.admx File size limits for Restricted Sites zone
inetres.admx Turn on printing of background colors and images
inetres.admx Turn off background synchronization for feeds and Web Slices
inetres.admx Turn off background synchronization for feeds and Web Slices
inetres.admx Prevent downloading of enclosures
inetres.admx Prevent downloading of enclosures
inetres.admx Prevent subscribing to or deleting a feed or a Web Slice
inetres.admx Prevent subscribing to or deleting a feed or a Web Slice
inetres.admx Prevent automatic discovery of feeds and Web Slices
inetres.admx Prevent automatic discovery of feeds and Web Slices
inetres.admx Prevent access to feed list
inetres.admx Prevent access to feed list
inetres.admx Turn on Basic feed authentication over HTTP
inetres.admx Turn on Basic feed authentication over HTTP
inetres.admx Bypass prompting for Clipboard access for scripts running in any process
inetres.admx Bypass prompting for Clipboard access for scripts running in any process
inetres.admx Bypass prompting for Clipboard access for scripts running in the Internet E
inetres.admx Bypass prompting for Clipboard access for scripts running in the Internet E
inetres.admx Define applications and processes that can access the Clipboard without
inetres.admx Define applications and processes that can access the Clipboard without
inetres.admx Prevent configuration of search on Address bar
inetres.admx Prevent configuration of search on Address bar
inetres.admx Allow native XMLHTTP support
inetres.admx Allow native XMLHTTP support
inetres.admx Turn off Data URI support
inetres.admx Turn off Data URI support
inetres.admx Turn off Data Execution Prevention
inetres.admx Do not display the reveal password button
inetres.admx Do not display the reveal password button
inetres.admx Change the maximum number of connections per host (HTTP 1.1)
inetres.admx Change the maximum number of connections per host (HTTP 1.1)
inetres.admx Maximum number of connections per server (HTTP 1.0)
inetres.admx Maximum number of connections per server (HTTP 1.0)
inetres.admx Turn off cross-document messaging
inetres.admx Turn off cross-document messaging
inetres.admx Turn off the XDomainRequest object
inetres.admx Turn off the XDomainRequest object
inetres.admx Turn off the WebSocket Object
inetres.admx Turn off the WebSocket Object
inetres.admx Set the maximum number of WebSocket connections per server
inetres.admx Set the maximum number of WebSocket connections per server
inetres.admx Turn on automatic signup
inetres.admx Turn off toolbar upgrade tool
inetres.admx Turn off toolbar upgrade tool
inetres.admx Turn off Developer Tools
inetres.admx Turn off Developer Tools
inetres.admx Disable customizing browser toolbars
inetres.admx Disable customizing browser toolbar buttons
inetres.admx Configure Toolbar Buttons
inetres.admx Hide the Command bar
inetres.admx Hide the Command bar
inetres.admx Hide the status bar
inetres.admx Hide the status bar
inetres.admx Lock all toolbars
inetres.admx Lock all toolbars
inetres.admx Lock location of Stop and Refresh buttons
inetres.admx Lock location of Stop and Refresh buttons
inetres.admx Customize command labels
inetres.admx Customize command labels
inetres.admx Use large icons for command buttons
inetres.admx Use large icons for command buttons
inetres.admx Display tabs on a separate row
inetres.admx Display tabs on a separate row
inetres.admx Prevent specifying the update check interval (in days)
inetres.admx Prevent changing the URL for checking updates to Internet Explorer and In
inetres.admx Turn off ActiveX Opt-In prompt
inetres.admx Turn off ActiveX Opt-In prompt
inetres.admx Prevent per-user installation of ActiveX controls
inetres.admx Prevent per-user installation of ActiveX controls
inetres.admx Specify use of ActiveX Installer Service for installation of ActiveX controls
inetres.admx Specify use of ActiveX Installer Service for installation of ActiveX controls
inetres.admx Turn on Suggested Sites
inetres.admx Turn on Suggested Sites
inetres.admx Turn off InPrivate Browsing
inetres.admx Turn off InPrivate Browsing
inetres.admx Prevent the computer from loading toolbars and Browser Helper Objects w
inetres.admx Prevent the computer from loading toolbars and Browser Helper Objects w
inetres.admx Turn off collection of InPrivate Filtering data
inetres.admx Turn off collection of InPrivate Filtering data
inetres.admx Establish InPrivate Filtering threshold
inetres.admx Establish InPrivate Filtering threshold
inetres.admx Turn off InPrivate Filtering
inetres.admx Turn off InPrivate Filtering
inetres.admx Establish Tracking Protection threshold
inetres.admx Establish Tracking Protection threshold
inetres.admx Turn off Tracking Protection
inetres.admx Turn off Tracking Protection
inetres.admx Add non-default Accelerators
inetres.admx Add non-default Accelerators
inetres.admx Add default Accelerators
inetres.admx Add default Accelerators
inetres.admx Turn off Accelerators
inetres.admx Turn off Accelerators
inetres.admx Restrict Accelerators to those deployed through Group Policy
inetres.admx Restrict Accelerators to those deployed through Group Policy
inetres.admx Turn on Internet Explorer 7 Standards Mode
inetres.admx Turn on Internet Explorer 7 Standards Mode
inetres.admx Turn off Compatibility View
inetres.admx Turn off Compatibility View
inetres.admx Turn on Internet Explorer Standards Mode for local intranet
inetres.admx Turn on Internet Explorer Standards Mode for local intranet
inetres.admx Turn off Compatibility View button
inetres.admx Turn off Compatibility View button
inetres.admx Use Policy List of Internet Explorer 7 sites
inetres.admx Use Policy List of Internet Explorer 7 sites
inetres.admx Use Policy List of Quirks Mode sites
inetres.admx Use Policy List of Quirks Mode sites
inetres.admx Include updated website lists from Microsoft
inetres.admx Include updated website lists from Microsoft
inetres.admx Turn off ability to pin sites in Internet Explorer on the desktop
inetres.admx Turn off ability to pin sites in Internet Explorer on the desktop
inetres.admx Let users turn on and use Enterprise Mode from the Tools menu
inetres.admx Let users turn on and use Enterprise Mode from the Tools menu
inetres.admx Use the Enterprise Mode IE website list
inetres.admx Use the Enterprise Mode IE website list
inetres.admx Set default storage limits for websites
inetres.admx Set default storage limits for websites
inetres.admx Allow websites to store indexed databases on client computers
inetres.admx Allow websites to store indexed databases on client computers
inetres.admx Set indexed database storage limits for individual domains
inetres.admx Set indexed database storage limits for individual domains
inetres.admx Set maximum indexed database storage limit for all domains
inetres.admx Set maximum indexed database storage limit for all domains
inetres.admx Allow websites to store application caches on client computers
inetres.admx Allow websites to store application caches on client computers
inetres.admx Set application cache storage limits for individual domains
inetres.admx Set application cache storage limits for individual domains
inetres.admx Set maximum application caches storage limit for all domains
inetres.admx Set maximum application caches storage limit for all domains
inetres.admx Set application caches expiration time limit for individual domains
inetres.admx Set application caches expiration time limit for individual domains
inetres.admx Set maximum application cache resource list size
inetres.admx Set maximum application cache resource list size
inetres.admx Set maximum application cache individual resource size
inetres.admx Set maximum application cache individual resource size
inetres.admx Start Internet Explorer with tabs from last browsing session
inetres.admx Start Internet Explorer with tabs from last browsing session
inetres.admx Open Internet Explorer tiles on the desktop
inetres.admx Open Internet Explorer tiles on the desktop
inetres.admx Set how links are opened in Internet Explorer
inetres.admx Set how links are opened in Internet Explorer
inetres.admx Install new versions of Internet Explorer automatically
inetres.admx Turn on Site Discovery WMI output
inetres.admx Turn on Site Discovery WMI output
inetres.admx Turn on Site Discovery XML output
inetres.admx Turn on Site Discovery XML output
inetres.admx Limit Site Discovery output by Zone
inetres.admx Limit Site Discovery output by Zone
inetres.admx Limit Site Discovery output by Domain
inetres.admx Limit Site Discovery output by Domain
inkwatson.admx Turn off handwriting recognition error reporting
inkwatson.admx Turn off handwriting recognition error reporting
iscsi.admx Do not allow manual configuration of iSNS servers
iscsi.admx Do not allow manual configuration of target portals
iscsi.admx Do not allow manual configuration of discovered targets
iscsi.admx Do not allow adding new targets via manual configuration
iscsi.admx Do not allow changes to initiator iqn name
iscsi.admx Do not allow additional session logins
iscsi.admx Do not allow changes to initiator CHAP secret
iscsi.admx Do not allow connections without IPSec
iscsi.admx Do not allow sessions without mutual CHAP
iscsi.admx Do not allow sessions without one way CHAP
kdc.admx Provide information about previous logons to client computers
kdc.admx Use forest search order
kdc.admx KDC support for claims compound authentication and Kerberos armoring
kdc.admx Warning for large Kerberos tickets
kdc.admx Request compound authentication
kerberos.admx Define host name-to-Kerberos realm mappings
kerberos.admx Define interoperable Kerberos V5 realm settings
kerberos.admx Require strict KDC validation
kerberos.admx Use forest search order
kerberos.admx Require strict target SPN match on remote procedure calls
kerberos.admx Specify KDC proxy servers for Kerberos clients
kerberos.admx Disable revocation checking for the SSL certificate of KDC proxy servers
kerberos.admx Fail authentication requests when Kerberos armoring is not available
kerberos.admx Support compound authentication
kerberos.admx Set maximum Kerberos SSPI context token buffer size
kerberos.admx Kerberos client support for claims compound authentication and Kerberos
kerberos.admx Always send compound authentication first
kerberos.admx Support device authentication using certificate
lanmanserver.admx Hash Publication for BranchCache
lanmanserver.admx Hash Version support for BranchCache
lanmanserver.admx Cipher suite order
lanmanserver.admx Honor cipher suite order
lanmanworkstation.admx Cipher suite order
leakdiagnostic.admx Configure Scenario Execution Level
linklayertopologydiscovery.admx Turn on Mapper I/O (LLTDIO) driver
linklayertopologydiscovery.admx Turn on Responder (RSPNDR) driver
logon.admx Do not process the legacy run list
logon.admx Do not process the legacy run list
logon.admx Do not process the run once list
logon.admx Do not process the run once list
logon.admx Always use classic logon
logon.admx Do not display the Getting Started welcome screen at logon
logon.admx Run these programs at user logon
logon.admx Run these programs at user logon
logon.admx Always wait for the network at computer startup and logon
logon.admx Remove Boot / Shutdown / Logon / Logoff status messages
logon.admx Do not display the Getting Started welcome screen at logon
logon.admx Display highly detailed status messages
logon.admx Hide entry points for Fast User Switching
logon.admx Turn off Windows Startup sound
logon.admx Show first sign-in animation
logon.admx Always use custom logon background
logon.admx Do not display network selection UI
logon.admx Do not enumerate connected users on domain-joined computers
logon.admx Enumerate local users on domain-joined computers
logon.admx Turn off app notifications on the lock screen
mediacenter.admx Do not allow Windows Media Center to run
mediacenter.admx Do not allow Windows Media Center to run
microsoft-windows-geolocation-wlp Turn off Windows Location Provider
microsoftedge.admx Allows you to run scripts like Javascript
microsoftedge.admx Allows you to run scripts like Javascript
microsoftedge.admx Allows you to let people use autofill on websites
microsoftedge.admx Allows you to let people use autofill on websites
microsoftedge.admx Allows you to let people send Do Not Track headers
microsoftedge.admx Allows you to let people send Do Not Track headers
microsoftedge.admx Allows you to configure password manager
microsoftedge.admx Allows you to configure password manager
microsoftedge.admx Allows you to run pop-ups
microsoftedge.admx Allows you to run pop-ups
microsoftedge.admx Stops address bar from showing search suggestions
microsoftedge.admx Stops address bar from showing search suggestions
microsoftedge.admx Allows you to configure SmartScreen
microsoftedge.admx Allows you to configure SmartScreen
microsoftedge.admx Configure how Microsoft Edge treats cookies
microsoftedge.admx Configure how Microsoft Edge treats cookies
microsoftedge.admx Allows you to configure the Enterprise Site list
microsoftedge.admx Allows you to configure the Enterprise Site list
microsoftedge.admx Sends all intranet traffic over to Internet Explorer
microsoftedge.admx Sends all intranet traffic over to Internet Explorer
mmc.admx Restrict the user from entering author mode
mmc.admx Restrict users to the explicitly permitted list of snap-ins
mmc.admx Extended View (Web View)
mmc.admx ActiveX Control
mmc.admx Link to Web Address
mmcsnapins.admx AppleTalk Routing
mmcsnapins.admx Authorization Manager
mmcsnapins.admx Certification Authority Policy Settings
mmcsnapins.admx Connection Sharing (NAT)
mmcsnapins.admx DCOM Configuration Extension
mmcsnapins.admx Device Manager
mmcsnapins.admx DHCP Relay Management
mmcsnapins.admx Enterprise PKI
mmcsnapins.admx Event Viewer
mmcsnapins.admx Event Viewer (Windows Vista)
mmcsnapins.admx IAS Logging
mmcsnapins.admx IGMP Routing
mmcsnapins.admx IP Routing
mmcsnapins.admx IPX RIP Routing
mmcsnapins.admx IPX Routing
mmcsnapins.admx IPX SAP Routing
mmcsnapins.admx Logical and Mapped Drives
mmcsnapins.admx Online Responder
mmcsnapins.admx OSPF Routing
mmcsnapins.admx Public Key Policies
mmcsnapins.admx RAS Dialin - User Node
mmcsnapins.admx Remote Access
mmcsnapins.admx Removable Storage
mmcsnapins.admx RIP Routing
mmcsnapins.admx Routing
mmcsnapins.admx Send Console Message
mmcsnapins.admx Service Dependencies
mmcsnapins.admx Shared Folders Ext
mmcsnapins.admx SMTP Protocol
mmcsnapins.admx SNMP
mmcsnapins.admx System Properties
mmcsnapins.admx Group Policy Management
mmcsnapins.admx Group Policy Object Editor
mmcsnapins.admx Group Policy tab for Active Directory Tools
mmcsnapins.admx Resultant Set of Policy snap-in
mmcsnapins.admx Administrative Templates (Computers)
mmcsnapins.admx Administrative Templates (Users)
mmcsnapins.admx Folder Redirection
mmcsnapins.admx Internet Explorer Maintenance
mmcsnapins.admx IP Security Policy Management
mmcsnapins.admx Windows Firewall with Advanced Security
mmcsnapins.admx NAP Client Configuration
mmcsnapins.admx Remote Installation Services
mmcsnapins.admx Scripts (Startup/Shutdown)
mmcsnapins.admx Scripts (Logon/Logoff)
mmcsnapins.admx Security Settings
mmcsnapins.admx Software Installation (Computers)
mmcsnapins.admx Software Installation (Users)
mmcsnapins.admx Wired Network (IEEE 802.3) Policies
mmcsnapins.admx Wireless Network (IEEE 802.11) Policies
mmcsnapins.admx Administrative Templates (Computers)
mmcsnapins.admx Administrative Templates (Users)
mmcsnapins.admx Folder Redirection
mmcsnapins.admx Internet Explorer Maintenance
mmcsnapins.admx Scripts (Startup/Shutdown)
mmcsnapins.admx Scripts (Logon/Logoff)
mmcsnapins.admx Security Settings
mmcsnapins.admx Software Installation (Computers)
mmcsnapins.admx Software Installation (Users)
mmcsnapins.admx Active Directory Domains and Trusts
mmcsnapins.admx Active Directory Sites and Services
mmcsnapins.admx Active Directory Users and Computers
mmcsnapins.admx ADSI Edit
mmcsnapins.admx Certification Authority
mmcsnapins.admx Certificates
mmcsnapins.admx Certificate Templates
mmcsnapins.admx Component Services
mmcsnapins.admx Computer Management
mmcsnapins.admx Device Manager
mmcsnapins.admx Distributed File System
mmcsnapins.admx Disk Defragmenter
mmcsnapins.admx Disk Management
mmcsnapins.admx Event Viewer
mmcsnapins.admx Event Viewer (Windows Vista)
mmcsnapins.admx Failover Clusters Manager
mmcsnapins.admx FAX Service
mmcsnapins.admx FrontPage Server Extensions
mmcsnapins.admx Health Registration Authority (HRA)
mmcsnapins.admx Internet Authentication Service (IAS)
mmcsnapins.admx Internet Information Services
mmcsnapins.admx Indexing Service
mmcsnapins.admx IP Security Policy Management
mmcsnapins.admx IP Security Monitor
mmcsnapins.admx Local Users and Groups
mmcsnapins.admx NAP Client Configuration
mmcsnapins.admx .Net Framework Configuration
mmcsnapins.admx Network Policy Server (NPS)
mmcsnapins.admx Performance Logs and Alerts
mmcsnapins.admx QoS Admission Control
mmcsnapins.admx Remote Desktops
mmcsnapins.admx Routing and Remote Access
mmcsnapins.admx Removable Storage Management
mmcsnapins.admx Security Configuration and Analysis
mmcsnapins.admx Security Templates
mmcsnapins.admx Server Manager
mmcsnapins.admx Services
mmcsnapins.admx Shared Folders
mmcsnapins.admx System Information
mmcsnapins.admx Telephony
mmcsnapins.admx Remote Desktop Services Configuration
mmcsnapins.admx TPM Management
mmcsnapins.admx Windows Firewall with Advanced Security
mmcsnapins.admx Wireless Monitor
mmcsnapins.admx WMI Control
mmcsnapins2.admx Group Policy Starter GPO Editor
mmcsnapins2.admx Group Policy Management Editor
mmcsnapins2.admx Storage Manager for SANs
mmcsnapins2.admx Storage Manager for SANS Extension
mmcsnapins2.admx Disk Management Extension
mmcsnapins2.admx Share and Storage Management
mmcsnapins2.admx Share and Storage Management Extension
mmcsnapins2.admx DFS Management
mmcsnapins2.admx DFS Management Extension
mmcsnapins2.admx File Server Resource Manager
mmcsnapins2.admx File Server Resource Manager Extension
mobilepcmobilitycenter.admx Turn off Windows Mobility Center
mobilepcmobilitycenter.admx Turn off Windows Mobility Center
mobilepcpresentationsettings.admx Turn off Windows presentation settings
mobilepcpresentationsettings.admx Turn off Windows presentation settings
msched.admx Automatic Maintenance Activation Boundary
msched.admx Automatic Maintenance Random Delay
msched.admx Automatic Maintenance WakeUp Policy
msdt.admx Microsoft Support Diagnostic Tool: Configure execution level
msdt.admx Microsoft Support Diagnostic Tool: Restrict tool download
msdt.admx Microsoft Support Diagnostic Tool: Turn on MSDT interactive communicati
msi-filerecovery.admx Configure MSI Corrupted File Recovery behavior
msi.admx Allow users to browse for source while elevated
msi.admx Allow users to use media source while elevated
msi.admx Allow users to patch elevated products
msi.admx Always install with elevated privileges
msi.admx Always install with elevated privileges
msi.admx Prohibit use of Restart Manager
msi.admx Remove browse dialog box for new source
msi.admx Prohibit flyweight patching
msi.admx Turn off logging via package settings
msi.admx Prevent removable media source for any installation
msi.admx Turn off Windows Installer
msi.admx Prevent users from using Windows Installer to install updates and upgrade
msi.admx Prohibit rollback
msi.admx Prohibit rollback
msi.admx Allow user control over installs
msi.admx Prohibit non-administrators from applying vendor signed updates
msi.admx Prohibit removal of updates
msi.admx Turn off creation of System Restore checkpoints
msi.admx Prohibit User Installs
msi.admx Enforce upgrade component rules
msi.admx Control maximum size of baseline file cache
msi.admx Specify the types of events Windows Installer records in its transaction log
msi.admx Prevent Internet Explorer security prompt for Windows Installer scripts
msi.admx Specify the order in which Windows Installer searches for installation files
msi.admx Save copies of transform files in a secure location on workstation
msi.admx Turn off shared components
msi.admx Prevent embedded UI
nca.admx Support Email Address
nca.admx Friendly Name
nca.admx User Interface
nca.admx Prefer Local Names Allowed
nca.admx DirectAccess Passive Mode
nca.admx Corporate Resources
nca.admx IPsec Tunnel Endpoints
nca.admx Custom Commands
ncsi.admx Specify corporate Website probe URL
ncsi.admx Specify corporate DNS probe host name
ncsi.admx Specify corporate DNS probe host address
ncsi.admx Specify corporate site prefix list
ncsi.admx Specify domain location determination URL
ncsi.admx Specify passive polling
netlogon.admx Contact PDC on logon failure
netlogon.admx Use initial DC discovery retry setting for background callers
netlogon.admx Use maximum DC discovery retry interval setting for background callers
netlogon.admx Use final DC discovery retry setting for background callers
netlogon.admx Use positive periodic DC cache refresh for background callers
netlogon.admx Specify log file debug output level
netlogon.admx Specify expected dial-up delay on logon
netlogon.admx Specify maximum log file size
netlogon.admx Specify negative DC Discovery cache setting
netlogon.admx Set Netlogon share compatibility
netlogon.admx Specify positive periodic DC Cache refresh for non-background callers
netlogon.admx Set scavenge interval
netlogon.admx Specify site name
netlogon.admx Set SYSVOL share compatibility
netlogon.admx Use DNS name resolution with a single-label domain name instead of NetB
netlogon.admx Use DNS name resolution when a single-label domain name is used by appen
netlogon.admx Use automated site coverage by the DC Locator DNS SRV Records
netlogon.admx Specify DC Locator DNS records not registered by the DCs
netlogon.admx Specify Refresh Interval of the DC Locator DNS records
netlogon.admx Set TTL in the DC Locator DNS Records
netlogon.admx Specify sites covered by the GC Locator DNS SRV Records
netlogon.admx Set Priority in the DC Locator DNS SRV records
netlogon.admx Set Weight in the DC Locator DNS SRV records
netlogon.admx Specify sites covered by the application directory partition DC Locator DN
netlogon.admx Specify sites covered by the DC Locator DNS SRV records
netlogon.admx Specify dynamic registration of the DC Locator DNS Records
netlogon.admx Try Next Closest Site
netlogon.admx Force Rediscovery Interval
netlogon.admx Return domain controller address type
netlogon.admx Allow cryptography algorithms compatible with Windows NT 4.0
netlogon.admx Do not process incoming mailslot messages used for domain controller l
netlogon.admx Do not use NetBIOS-based discovery for domain controller location when D
netlogon.admx Specify address lookup behavior for DC locator ping
netlogon.admx Use urgent mode when pinging domain controllers
networkconnections.admx Prohibit adding and removing components for a LAN or remote access con
networkconnections.admx Prohibit access to the Advanced Settings item on the Advanced menu
networkconnections.admx Prohibit TCP/IP advanced configuration
networkconnections.admx Prohibit installation and configuration of Network Bridge on your DNS do
networkconnections.admx Prohibit Enabling/Disabling components of a LAN connection
networkconnections.admx Ability to delete all user remote access connections
networkconnections.admx Prohibit deletion of remote access connections
networkconnections.admx Prohibit access to the Remote Access Preferences item on the Advanced
networkconnections.admx Enable Windows 2000 Network Connections settings for Administrators
networkconnections.admx Turn off notifications when a connection has only limited or no connectivit
networkconnections.admx Prohibit access to properties of components of a LAN connection
networkconnections.admx Ability to Enable/Disable a LAN connection
networkconnections.admx Prohibit access to properties of a LAN connection
networkconnections.admx Prohibit access to the New Connection Wizard
networkconnections.admx Prohibit use of Internet Connection Firewall on your DNS domain network
networkconnections.admx Ability to change properties of an all user remote access connection
networkconnections.admx Prohibit access to properties of components of a remote access connectio
networkconnections.admx Prohibit connecting and disconnecting a remote access connection
networkconnections.admx Prohibit changing properties of a private remote access connection
networkconnections.admx Ability to rename all user remote access connections
networkconnections.admx Ability to rename LAN connections or remote access connections available t
networkconnections.admx Ability to rename LAN connections
networkconnections.admx Prohibit renaming private remote access connections
networkconnections.admx Prohibit use of Internet Connection Sharing on your DNS domain network
networkconnections.admx Prohibit viewing of status for an active connection
networkconnections.admx Require domain users to elevate when setting a network's location
networkconnections.admx Do not show the "local access only" network icon
networkconnections.admx Route all traffic through the internal network
networkisolation.admx Internet proxy servers for apps
networkisolation.admx Intranet proxy servers for apps
networkisolation.admx Private network ranges for apps
networkisolation.admx Proxy definitions are authoritative
networkisolation.admx Subnet definitions are authoritative
networkprovider.admx Hardened UNC Paths
offlinefiles.admx Subfolders always available offline
offlinefiles.admx Specify administratively assigned Offline Files
offlinefiles.admx Specify administratively assigned Offline Files
offlinefiles.admx Non-default server disconnect actions
offlinefiles.admx Non-default server disconnect actions
offlinefiles.admx Default cache size
offlinefiles.admx Allow or Disallow use of the Offline Files feature
offlinefiles.admx Encrypt the Offline Files cache
offlinefiles.admx Event logging level
offlinefiles.admx Event logging level
offlinefiles.admx Files not cached
offlinefiles.admx Action on server disconnect
offlinefiles.admx Action on server disconnect
offlinefiles.admx Prevent use of Offline Files folder
offlinefiles.admx Prevent use of Offline Files folder
offlinefiles.admx Prohibit user configuration of Offline Files
offlinefiles.admx Prohibit user configuration of Offline Files
offlinefiles.admx Remove "Make Available Offline" command
offlinefiles.admx Remove "Make Available Offline" command
offlinefiles.admx Remove "Make Available Offline" for these files and folders
offlinefiles.admx Remove "Make Available Offline" for these files and folders
offlinefiles.admx Turn off reminder balloons
offlinefiles.admx Turn off reminder balloons
offlinefiles.admx At logoff delete local copy of userâ€™s offline files
offlinefiles.admx Reminder balloon frequency
offlinefiles.admx Reminder balloon frequency
offlinefiles.admx Initial reminder balloon lifetime
offlinefiles.admx Initial reminder balloon lifetime
offlinefiles.admx Reminder balloon lifetime
offlinefiles.admx Reminder balloon lifetime
offlinefiles.admx Configure Slow link speed
offlinefiles.admx Synchronize all offline files before logging off
offlinefiles.admx Synchronize all offline files before logging off
offlinefiles.admx Synchronize all offline files when logging on
offlinefiles.admx Synchronize all offline files when logging on
offlinefiles.admx Synchronize offline files before suspend
offlinefiles.admx Synchronize offline files before suspend
offlinefiles.admx Turn on economical application of administratively assigned Offline Files
offlinefiles.admx Configure slow-link mode
offlinefiles.admx Limit disk space used by Offline Files
offlinefiles.admx Configure Background Sync
offlinefiles.admx Enable Transparent Caching
offlinefiles.admx Enable file screens
offlinefiles.admx Remove "Work offline" command
offlinefiles.admx Remove "Work offline" command
offlinefiles.admx Enable file synchronization on costed networks
p2p-pnrp.admx Turn off Microsoft Peer-to-Peer Networking Services
p2p-pnrp.admx Turn off Multicast Bootstrap
p2p-pnrp.admx Turn off PNRP cloud creation
p2p-pnrp.admx Set PNRP cloud to resolve only
p2p-pnrp.admx Set the Seed Server
p2p-pnrp.admx Disable password strength validation for Peer Grouping
parentalcontrols.admx Make Family Safety control panel visible on a Domain
passport.admx Use Microsoft Passport for Work
passport.admx Use a hardware security device
passport.admx Use biometrics
passport.admx Minimum PIN length
passport.admx Minimum PIN length
passport.admx Maximum PIN length
passport.admx Maximum PIN length
passport.admx Use uppercase letters
passport.admx Use uppercase letters
passport.admx Use lowercase letters
passport.admx Use lowercase letters
passport.admx Use special characters
passport.admx Use special characters
passport.admx Use digits
passport.admx Use digits
pca.admx Detect compatibility issues for applications and drivers
pca.admx Detect application install failures
pca.admx Detect applications unable to launch installers under UAC
pca.admx Detect application failures caused by deprecated Windows DLLs
pca.admx Detect application failures caused by deprecated COM objects
pca.admx Detect application installers that need to be run as administrator
pca.admx Notify blocked drivers
peertopeercaching.admx Turn on BranchCache
peertopeercaching.admx Set percentage of disk space used for client computer cache
peertopeercaching.admx Set BranchCache Hosted Cache mode
peertopeercaching.admx Set BranchCache Distributed Cache mode
peertopeercaching.admx Configure BranchCache for network files
peertopeercaching.admx Enable Automatic Hosted Cache Discovery by Service Connection Point
peertopeercaching.admx Configure Client BranchCache Version Support
peertopeercaching.admx Configure Hosted Cache Servers
peertopeercaching.admx Set age for segments in the data cache
pentraining.admx Turn off Tablet PC Pen Training
pentraining.admx Turn off Tablet PC Pen Training
performancediagnostics.admx Configure Scenario Execution Level
performanceperftrack.admx Enable/Disable PerfTrack
power.admx Critical battery notification action
power.admx Low battery notification action
power.admx Critical battery notification level
power.admx Low battery notification level
power.admx Turn off low battery user notification
power.admx Select the Power button action (plugged in)
power.admx Select the Sleep button action (plugged in)
power.admx Select the lid switch action (plugged in)
power.admx Select the Start menu Power button action (plugged in)
power.admx Select the Power button action (on battery)
power.admx Select the Sleep button action (on battery)
power.admx Select the lid switch action (on battery)
power.admx Select the Start menu Power button action (on battery)
power.admx Turn Off the hard disk (plugged in)
power.admx Turn Off the hard disk (on battery)
power.admx Specify a custom active power plan
power.admx Select an active power plan
power.admx Prompt for password on resume from hibernate/suspend
power.admx Turn on the ability for applications to prevent sleep transitions (plugged in
power.admx Specify the system hibernate timeout (plugged in)
power.admx Require a password when a computer wakes (plugged in)
power.admx Specify the system sleep timeout (plugged in)
power.admx Turn off hybrid sleep (plugged in)
power.admx Turn on the ability for applications to prevent sleep transitions (on battery
power.admx Specify the system hibernate timeout (on battery)
power.admx Require a password when a computer wakes (on battery)
power.admx Specify the system sleep timeout (on battery)
power.admx Turn off hybrid sleep (on battery)
power.admx Turn off adaptive display timeout (plugged in)
power.admx Turn off adaptive display timeout (on battery)
power.admx Turn off the display (plugged in)
power.admx Turn off the display (on battery)
power.admx Allow standby states (S1-S3) when sleeping (plugged in)
power.admx Allow standby states (S1-S3) when sleeping (on battery)
power.admx Do not turn off system power after a Windows system shutdown has occur
power.admx Allow automatic sleep with Open Network Files (plugged in)
power.admx Allow automatic sleep with Open Network Files (on battery)
power.admx Reduce display brightness (plugged in)
power.admx Reduce display brightness (on battery)
power.admx Specify the display dim brightness (plugged in)
power.admx Specify the display dim brightness (on battery)
power.admx Turn on desktop background slideshow (plugged in)
power.admx Turn on desktop background slideshow (on battery)
power.admx Specify the unattended sleep timeout (plugged in)
power.admx Specify the unattended sleep timeout (on battery)
power.admx Allow applications to prevent automatic sleep (plugged in)
power.admx Allow applications to prevent automatic sleep (on battery)
power.admx Reserve battery notification level
powershellexecutionpolicy.admx Turn on Script Execution
powershellexecutionpolicy.admx Turn on Script Execution
powershellexecutionpolicy.admx Turn on Module Logging
powershellexecutionpolicy.admx Turn on Module Logging
powershellexecutionpolicy.admx Turn on PowerShell Transcription
powershellexecutionpolicy.admx Turn on PowerShell Transcription
powershellexecutionpolicy.admx Turn on PowerShell Script Block Logging
powershellexecutionpolicy.admx Turn on PowerShell Script Block Logging
powershellexecutionpolicy.admx Set the default source path for Update-Help
powershellexecutionpolicy.admx Set the default source path for Update-Help
PreviousVersions.admx Prevent restoring previous versions from backups
PreviousVersions.admx Prevent restoring previous versions from backups
PreviousVersions.admx Hide previous versions list for local files
PreviousVersions.admx Hide previous versions list for local files
PreviousVersions.admx Prevent restoring local previous versions
PreviousVersions.admx Prevent restoring local previous versions
PreviousVersions.admx Hide previous versions list for remote files
PreviousVersions.admx Hide previous versions list for remote files
PreviousVersions.admx Prevent restoring remote previous versions
PreviousVersions.admx Prevent restoring remote previous versions
PreviousVersions.admx Hide previous versions of files on backup location
PreviousVersions.admx Hide previous versions of files on backup location
printing.admx Activate Internet printing
printing.admx Isolate print drivers from applications
printing.admx Custom support URL in the Printers folder's left pane
printing.admx Add Printer wizard - Network scan page (Managed network)
printing.admx Browse the network to find printers
printing.admx Always render print jobs on the server
printing.admx Always rasterize content to be printed using a software rasterizer
printing.admx Browse a common web site to find printers
printing.admx Disallow installation of printers using kernel-mode drivers
printing.admx Prevent addition of printers
printing.admx Prevent deletion of printers
printing.admx Add Printer wizard - Network scan page (Unmanaged network)
printing.admx Only use Package Point and print
printing.admx Package Point and print - Approved servers
printing.admx Only use Package Point and print
printing.admx Package Point and print - Approved servers
printing.admx Computer location
printing.admx Pre-populate printer search location text
printing.admx Point and Print Restrictions
printing.admx Point and Print Restrictions
printing.admx Default Active Directory path when searching for printers
printing.admx Printer browsing
printing.admx Execute print drivers in isolated processes
printing.admx Override print driver execution compatibility setting reported by print driv
printing.admx Extend Point and Print connection to search Windows Update
printing.admx Do not allow v4 printer drivers to show printer extensions
printing.admx Change Microsoft XPS Document Writer (MXDW) default output format to t
printing.admx Allow job name in event logs
printing2.admx Allow Print Spooler to accept client connections
printing2.admx Automatically publish new printers in Active Directory
printing2.admx Prune printers that are not automatically republished
printing2.admx Directory pruning interval
printing2.admx Directory pruning priority
printing2.admx Directory pruning retry
printing2.admx Log directory pruning retry events
printing2.admx Allow printers to be published
printing2.admx Check published state
printing2.admx Allow pruning of published printers
programs.admx Hide the Programs Control Panel
programs.admx Hide "Programs and Features" page
programs.admx Hide "Installed Updates" page
programs.admx Hide "Set Program Access and Computer Defaults" page
programs.admx Hide "Windows Marketplace"
programs.admx Hide "Get Programs" page
programs.admx Hide "Windows Features"
qos.admx Best effort service type
qos.admx Controlled load service type
qos.admx Guaranteed service type
qos.admx Network control service type
qos.admx Qualitative service type
qos.admx Limit outstanding packets
qos.admx Limit reservable bandwidth
qos.admx Set timer resolution
qos.admx Non-conforming packets
racwmiprov.admx Configure Reliability WMI Providers
radar.admx Configure Scenario Execution Level
reagent.admx Allow restore of system to default state
reliability.admx Enable Persistent Time Stamp
reliability.admx Report unplanned shutdown events
reliability.admx Activate Shutdown Event Tracker System State Data feature
reliability.admx Display Shutdown Event Tracker
remoteassistance.admx Turn on session logging
remoteassistance.admx Allow only Windows Vista or later connections
remoteassistance.admx Turn on bandwidth optimization
remoteassistance.admx Customize warning messages
remoteassistance.admx Configure Solicited Remote Assistance
remoteassistance.admx Configure Offer Remote Assistance
removablestorage.admx Set time (in seconds) to force reboot
removablestorage.admx Set time (in seconds) to force reboot
removablestorage.admx CD and DVD: Deny read access
removablestorage.admx CD and DVD: Deny read access
removablestorage.admx CD and DVD: Deny write access
removablestorage.admx CD and DVD: Deny write access
removablestorage.admx CD and DVD: Deny execute access
removablestorage.admx Custom Classes: Deny read access
removablestorage.admx Custom Classes: Deny read access
removablestorage.admx Custom Classes: Deny write access
removablestorage.admx Custom Classes: Deny write access
removablestorage.admx Floppy Drives: Deny read access
removablestorage.admx Floppy Drives: Deny read access
removablestorage.admx Floppy Drives: Deny write access
removablestorage.admx Floppy Drives: Deny write access
removablestorage.admx Floppy Drives: Deny execute access
removablestorage.admx Removable Disks: Deny read access
removablestorage.admx Removable Disks: Deny read access
removablestorage.admx Removable Disks: Deny write access
removablestorage.admx Removable Disks: Deny write access
removablestorage.admx Removable Disks: Deny execute access
removablestorage.admx All Removable Storage classes: Deny all access
removablestorage.admx All Removable Storage classes: Deny all access
removablestorage.admx Tape Drives: Deny read access
removablestorage.admx Tape Drives: Deny read access
removablestorage.admx Tape Drives: Deny write access
removablestorage.admx Tape Drives: Deny write access
removablestorage.admx Tape Drives: Deny execute access
removablestorage.admx WPD Devices: Deny read access
removablestorage.admx WPD Devices: Deny read access
removablestorage.admx WPD Devices: Deny write access
removablestorage.admx WPD Devices: Deny write access
removablestorage.admx All Removable Storage: Allow direct access in remote sessions
rpc.admx Enable RPC Endpoint Mapper Client Authentication
rpc.admx Propagate extended error information
rpc.admx Ignore Delegation Failure
rpc.admx Set Minimum Idle Connection Timeout for RPC/HTTP connections
rpc.admx Restrict Unauthenticated RPC clients
rpc.admx Maintain RPC Troubleshooting State Information
scripts.admx Specify maximum wait time for Group Policy scripts
scripts.admx Run legacy logon scripts hidden
scripts.admx Display instructions in logoff scripts as they run
scripts.admx Run logon scripts synchronously
scripts.admx Run logon scripts synchronously
scripts.admx Display instructions in logon scripts as they run
scripts.admx Run Windows PowerShell scripts first at computer startup shutdown
scripts.admx Run Windows PowerShell scripts first at user logon logoff
scripts.admx Run Windows PowerShell scripts first at user logon logoff
scripts.admx Display instructions in shutdown scripts as they run
scripts.admx Run startup scripts asynchronously
scripts.admx Display instructions in startup scripts as they run
scripts.admx Allow logon scripts when NetBIOS or WINS is disabled
sdiageng.admx Configure Security Policy for Scripted Diagnostics
sdiageng.admx Troubleshooting: Allow users to access and run Troubleshooting Wizards
sdiageng.admx Troubleshooting: Allow users to access online troubleshooting content on
sdiagschd.admx Configure Scheduled Maintenance Behavior
search.admx Prevent adding UNC locations to index from Control Panel
search.admx Prevent adding UNC locations to index from Control Panel
search.admx Allow indexing of encrypted files
search.admx Disable indexer backoff
search.admx Prevent clients from querying the index remotely
search.admx Prevent indexing when running on battery power to conserve energy
search.admx Prevent customization of indexed locations in Control Panel
search.admx Prevent customization of indexed locations in Control Panel
search.admx Allow use of diacritics
search.admx Always use automatic language detection when indexing content and prop
search.admx Do not allow locations on removable drives to be added to libraries
search.admx Don't search the web or display web results in Search
search.admx Don't search the web or display web results in Search over metered conne
search.admx Set what information is shared in Search
search.admx Set the SafeSearch setting for Search
search.admx Prevent automatically adding shared folders to the Windows Search index
search.admx Prevent adding user-specified locations to the All Locations menu
search.admx Prevent the display of advanced indexing options for Windows Search in t
search.admx Prevent indexing files in offline files cache
search.admx Enable indexing uncached Exchange folders
search.admx Enable indexing of online delegate mailboxes
search.admx Enable throttling for online mail indexing
search.admx Prevent indexing Microsoft Office Outlook
search.admx Prevent indexing e-mail attachments
search.admx Control rich previews for attachments
search.admx Prevent indexing public folders
search.admx Indexer data location
search.admx Add primary intranet search location
search.admx Add secondary intranet search locations
search.admx Preview pane location
search.admx Set large or small icon view in desktop search results
search.admx Stop indexing in the event of limited hard drive space
search.admx Prevent unwanted iFilters and protocol handlers
search.admx Do not allow web search
search.admx Prevent indexing certain paths
search.admx Prevent indexing certain paths
search.admx Default indexed paths
search.admx Default indexed paths
search.admx Default excluded paths
search.admx Default excluded paths
search.admx Prevent indexing of certain file types
search.admx Turn off storage and display of search history
search.admx Allow Cortana
search.admx Allow search and Cortana to use location
searchocr.admx Select OCR language
searchocr.admx Force TIFF IFilter to perform OCR for every page in a TIFF document
securitycenter.admx Turn on Security Center (Domain PCs only)
sensors.admx Turn off sensors
sensors.admx Turn off sensors
sensors.admx Turn off location
sensors.admx Turn off location
sensors.admx Turn off location scripting
sensors.admx Turn off location scripting
servermanager.admx Do not display Server Manager automatically at logon
servermanager.admx Configure the refresh interval for Server Manager
servermanager.admx Do not display Initial Configuration Tasks window automatically at logon
servermanager.admx Do not display Manage Your Server page at logon
servicing.admx Specify settings for optional component installation and component repair
settingsync.admx Do not sync
settingsync.admx Do not sync app settings
settingsync.admx Do not sync passwords
settingsync.admx Do not sync personalize
settingsync.admx Do not sync Apps
settingsync.admx Do not sync other Windows settings
settingsync.admx Do not sync desktop personalization
settingsync.admx Do not sync browser settings
settingsync.admx Do not sync on metered connections
settingsync.admx Do not sync start settings
setup.admx Specify Windows Service Pack installation file location
setup.admx Specify Windows installation file location
shapecollector.admx Turn off handwriting personalization data sharing
shapecollector.admx Turn off handwriting personalization data sharing
sharedfolders.admx Allow DFS roots to be published
sharedfolders.admx Allow shared folders to be published
sharing.admx Prevent users from sharing files within their profile.
sharing.admx Prevent the computer from joining a homegroup
shell-commandprompt-regedittools. Prevent access to the command prompt
shell-commandprompt-regedittools. Prevent access to registry editing tools
shell-commandprompt-regedittools. Run only specified Windows applications
shell-commandprompt-regedittools. Don't run specified Windows applications
shellwelcomecenter.admx Do not display the Welcome Center at user logon
sidebar.admx Turn off desktop gadgets
sidebar.admx Turn off desktop gadgets
sidebar.admx Restrict unpacking and installation of gadgets that are not digitally signed.
sidebar.admx Restrict unpacking and installation of gadgets that are not digitally signed.
sidebar.admx Turn Off user-installed desktop gadgets
sidebar.admx Turn Off user-installed desktop gadgets
skydrive.admx Prevent the usage of OneDrive for file storage
smartcard.admx Allow certificates with no extended key usage certificate attribute
smartcard.admx Allow Integrated Unblock screen to be displayed at the time of logon
smartcard.admx Filter duplicate logon certificates
smartcard.admx Force the reading of all certificates from the smart card
smartcard.admx Allow signature keys valid for Logon
smartcard.admx Allow time invalid certificates
smartcard.admx Turn on certificate propagation from smart card
smartcard.admx Configure root certificate clean up
smartcard.admx Turn on root certificate propagation from smart card
smartcard.admx Display string when smart card is blocked
smartcard.admx Reverse the subject name stored in a certificate when displaying
smartcard.admx Prevent plaintext PINs from being returned by Credential Manager
smartcard.admx Allow user name hint
smartcard.admx Turn on Smart Card Plug and Play service
smartcard.admx Notify user of successful smart card driver installation
smartcard.admx Allow ECC certificates to be used for logon and authentication
snmp.admx Specify communities
snmp.admx Specify permitted managers
snmp.admx Specify traps for public community
soundrec.admx Do not allow Sound Recorder to run
soundrec.admx Do not allow Sound Recorder to run
srm-fci.admx File Classification Infrastructure: Display Classification tab in File Explorer
srm-fci.admx File Classification Infrastructure: Specify classification properties list
srm-fci.admx Customize message for Access Denied errors
srm-fci.admx Enable access-denied assistance on client for all file types
startmenu.admx Clear the recent programs list for new users
startmenu.admx Remove Games link from Start Menu
startmenu.admx Remove Search Computer link
startmenu.admx Remove See More Results / Search Everywhere link
startmenu.admx Add Search Internet link to Start Menu
startmenu.admx Do not search for files
startmenu.admx Do not search Internet
startmenu.admx Do not search programs and Control Panel items
startmenu.admx Do not search communications
startmenu.admx Remove user folder link from Start Menu
startmenu.admx Add the Run command to the Start Menu
startmenu.admx Show QuickLaunch on Taskbar
startmenu.admx Clear history of recently opened documents on exit
startmenu.admx Add Logoff to the Start Menu
startmenu.admx Gray unavailable Windows Installer programs Start Menu shortcuts
startmenu.admx Turn off personalized menus
startmenu.admx Lock the Taskbar
startmenu.admx Add "Run in Separate Memory Space" check box to Run dialog box
startmenu.admx Turn off notification area cleanup
startmenu.admx Remove Balloon Tips on Start Menu items
startmenu.admx Prevent users from customizing their Start Screen
startmenu.admx Clear history of tile notifications on exit
startmenu.admx Pin Apps to Start when installed
startmenu.admx Pin Apps to Start when installed
startmenu.admx Start Layout
startmenu.admx Start Layout
startmenu.admx Remove and prevent access to the Shut Down Restart Sleep and Hiberna
startmenu.admx Remove common program groups from Start Menu
startmenu.admx Remove Favorites menu from Start Menu
startmenu.admx Remove Search link from Start Menu
startmenu.admx Remove frequent programs list from the Start Menu
startmenu.admx Remove Help menu from Start Menu
startmenu.admx Turn off user tracking
startmenu.admx Remove All Programs list from the Start menu
startmenu.admx Remove Network Connections from Start Menu
startmenu.admx Remove pinned programs list from the Start Menu
startmenu.admx Do not keep history of recently opened documents
startmenu.admx Remove Recent Items menu from Start Menu
startmenu.admx Do not use the search-based method when resolving shell shortcuts
startmenu.admx Do not use the tracking-based method when resolving shell shortcuts
startmenu.admx Remove Run menu from Start Menu
startmenu.admx Remove programs on Settings menu
startmenu.admx Prevent changes to Taskbar and Start Menu Settings
startmenu.admx Remove Default Programs link from the Start menu.
startmenu.admx Remove Documents icon from Start Menu
startmenu.admx Remove Music icon from Start Menu
startmenu.admx Remove Network icon from Start Menu
startmenu.admx Remove Pictures icon from Start Menu
startmenu.admx Remove user's folders from the Start Menu
startmenu.admx Force classic Start Menu
startmenu.admx Remove Clock from the system notification area
startmenu.admx Prevent grouping of taskbar items
startmenu.admx Do not display any custom toolbars in the taskbar
startmenu.admx Remove access to the context menus for the taskbar
startmenu.admx Hide the notification area
startmenu.admx Remove user name from Start Menu
startmenu.admx Remove links and access to Windows Update
startmenu.admx Remove the "Undock PC" button from the Start Menu
startmenu.admx Remove Logoff on the Start Menu
startmenu.admx Remove Homegroup link from Start Menu
startmenu.admx Remove Downloads link from Start Menu
startmenu.admx Remove Recorded TV link from Start Menu
startmenu.admx Remove Videos link from Start Menu
startmenu.admx Prevent users from uninstalling applications from Start
startmenu.admx Change Start Menu power button
startmenu.admx Show "Run as different user" command on Start
startmenu.admx Go to the desktop instead of Start when signing in
startmenu.admx Show the Apps view automatically when the user goes to Start
startmenu.admx Search just apps from the Apps view
startmenu.admx List desktop apps first in the Apps view
startmenu.admx Show Start on the display the user is using when they press the Windows l
systemrestore.admx Turn off Configuration
systemrestore.admx Turn off System Restore
tabletpcinputpanel.admx Turn off AutoComplete integration with Input Panel
tabletpcinputpanel.admx Turn off AutoComplete integration with Input Panel
tabletpcinputpanel.admx Prevent Input Panel tab from appearing
tabletpcinputpanel.admx Prevent Input Panel tab from appearing
tabletpcinputpanel.admx For tablet pen input donâ€™t show the Input Panel icon
tabletpcinputpanel.admx For tablet pen input donâ€™t show the Input Panel icon
tabletpcinputpanel.admx For touch input donâ€™t show the Input Panel icon
tabletpcinputpanel.admx For touch input donâ€™t show the Input Panel icon
tabletpcinputpanel.admx Turn off password security in Input Panel
tabletpcinputpanel.admx Turn off password security in Input Panel
tabletpcinputpanel.admx Include rarely used Chinese Kanji or Hanja characters
tabletpcinputpanel.admx Include rarely used Chinese Kanji or Hanja characters
tabletpcinputpanel.admx Turn off tolerant and Z-shaped scratch-out gestures
tabletpcinputpanel.admx Turn off tolerant and Z-shaped scratch-out gestures
tabletpcinputpanel.admx Disable text prediction
tabletpcinputpanel.admx Disable text prediction
tabletshell.admx Do not allow Inkball to run
tabletshell.admx Do not allow Inkball to run
tabletshell.admx Do not allow Windows Journal to be run
tabletshell.admx Do not allow Windows Journal to be run
tabletshell.admx Do not allow printing to Journal Note Writer
tabletshell.admx Do not allow printing to Journal Note Writer
tabletshell.admx Do not allow Snipping Tool to run
tabletshell.admx Do not allow Snipping Tool to run
tabletshell.admx Turn off pen feedback
tabletshell.admx Turn off pen feedback
tabletshell.admx Prevent Back-ESC mapping
tabletshell.admx Prevent Back-ESC mapping
tabletshell.admx Prevent launch an application
tabletshell.admx Prevent launch an application
tabletshell.admx Prevent press and hold
tabletshell.admx Prevent press and hold
tabletshell.admx Turn off hardware buttons
tabletshell.admx Turn off hardware buttons
tabletshell.admx Prevent Flicks Learning Mode
tabletshell.admx Prevent Flicks Learning Mode
tabletshell.admx Prevent flicks
tabletshell.admx Prevent flicks
taskbar.admx Remove the battery meter
taskbar.admx Remove the networking icon
taskbar.admx Remove the volume control icon
taskbar.admx Remove the Security and Maintenance icon
taskbar.admx Lock all taskbar settings
taskbar.admx Prevent users from adding or removing toolbars
taskbar.admx Prevent users from rearranging toolbars
taskbar.admx Turn off all balloon notifications
taskbar.admx Prevent users from moving taskbar to another screen dock location
taskbar.admx Prevent users from resizing the taskbar
taskbar.admx Turn off taskbar thumbnails
taskbar.admx Remove pinned programs from the Taskbar
taskbar.admx Turn off automatic promotion of notification icons to the taskbar
taskbar.admx Disable showing balloon notifications as toasts.
taskbar.admx Turn off feature advertisement balloon notifications
taskbar.admx Do not display or track items in Jump Lists from remote locations
taskbar.admx Do not allow pinning programs to the Taskbar
taskbar.admx Do not allow pinning items in Jump Lists
taskbar.admx Do not allow taskbars on more than one display
taskbar.admx Show Windows Store apps on the taskbar
taskbar.admx Remove Notifications and Action Center
taskbar.admx Do not allow pinning Store app to the Taskbar
taskscheduler.admx Prohibit Browse
taskscheduler.admx Prohibit Browse
taskscheduler.admx Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
taskscheduler.admx Hide Advanced Properties Checkbox in Add Scheduled Task Wizard
taskscheduler.admx Prohibit Drag-and-Drop
taskscheduler.admx Prohibit Drag-and-Drop
taskscheduler.admx Prevent Task Run or End
taskscheduler.admx Prevent Task Run or End
taskscheduler.admx Hide Property Pages
taskscheduler.admx Hide Property Pages
taskscheduler.admx Prohibit New Task Creation
taskscheduler.admx Prohibit New Task Creation
taskscheduler.admx Prohibit Task Deletion
taskscheduler.admx Prohibit Task Deletion
tcpip.admx Set ISATAP State
tcpip.admx Set ISATAP Router Name
tcpip.admx Set 6to4 State
tcpip.admx Set 6to4 Relay Name
tcpip.admx Set 6to4 Relay Name Resolution Interval
tcpip.admx Set Teredo State
tcpip.admx Set Teredo Server Name
tcpip.admx Set Teredo Refresh Rate
tcpip.admx Set Teredo Client Port
tcpip.admx Set Teredo Default Qualified
tcpip.admx Set IP-HTTPS State
tcpip.admx Set Window Scaling Heuristics State
tcpip.admx Set IP Stateless Autoconfiguration Limits State
terminalserver-server.admx Allow time zone redirection
terminalserver-server.admx Do not allow Clipboard redirection
terminalserver-server.admx Remove remote desktop wallpaper
terminalserver-server.admx Always show desktop on connection
terminalserver-server.admx Allow remote start of unlisted programs
terminalserver-server.admx Allow desktop composition for remote desktop sessions
terminalserver-server.admx Use RD Connection Broker load balancing
terminalserver-server.admx Redirect only the default client printer
terminalserver-server.admx Redirect only the default client printer
terminalserver-server.admx Set time limit for logoff of RemoteApp sessions
terminalserver-server.admx Set time limit for logoff of RemoteApp sessions
terminalserver-server.admx Do not allow font smoothing
terminalserver-server.admx Select the network adapter to be used for Remote Desktop IP Virtualizatio
terminalserver-server.admx Do not use Remote Desktop Session Host server IP address when virtual IP
terminalserver-server.admx Turn off Fair Share CPU Scheduling
terminalserver-server.admx Turn off Windows Installer RDS Compatibility
terminalserver-server.admx Turn on Remote Desktop IP Virtualization
terminalserver-server.admx Use the hardware default graphics adapter for all Remote Desktop Services
terminalserver-winip.admx Configure image quality for RemoteFX Adaptive Graphics
terminalserver-winip.admx Configure RemoteFX Adaptive Graphics
terminalserver-winip.admx Enable Remote Desktop Protocol 8.0
terminalserver-winip.admx Select network detection on the server
terminalserver-winip.admx Select RDP transport protocols
terminalserver-winip.admx Turn Off UDP On Client
terminalserver.admx Do not allow passwords to be saved
terminalserver.admx Do not allow passwords to be saved
terminalserver.admx Set client connection encryption level
terminalserver.admx Always prompt for password upon connection
terminalserver.admx Require use of specific security layer for remote (RDP) connections
terminalserver.admx Require user authentication for remote connections by using Network Leve
terminalserver.admx Server authentication certificate template
terminalserver.admx Set RD Gateway authentication method
terminalserver.admx Enable connection through RD Gateway
terminalserver.admx Set RD Gateway server address
terminalserver.admx Automatic reconnection
terminalserver.admx Limit maximum color depth
terminalserver.admx Limit number of monitors
terminalserver.admx Allow users to connect remotely by using Remote Desktop Services
terminalserver.admx Limit maximum display resolution
terminalserver.admx Enforce Removal of Remote Desktop Wallpaper
terminalserver.admx Deny logoff of an administrator logged in to the console session
terminalserver.admx Configure keep-alive connection interval
terminalserver.admx Use the specified Remote Desktop license servers
terminalserver.admx Hide notifications about RD Licensing problems that affect the RD Session
terminalserver.admx Set the Remote Desktop licensing mode
terminalserver.admx Limit number of connections
terminalserver.admx Remove "Disconnect" option from Shut Down dialog
terminalserver.admx Remove Windows Security item from Start menu
terminalserver.admx Suspend user sign-in to complete app registration
terminalserver.admx Set rules for remote control of Remote Desktop Services user sessions
terminalserver.admx Set rules for remote control of Remote Desktop Services user sessions
terminalserver.admx Restrict Remote Desktop Services users to a single Remote Desktop Service
terminalserver.admx Start a program on connection
terminalserver.admx Start a program on connection
terminalserver.admx Do not allow local administrators to customize permissions
terminalserver.admx Always show desktop on connection
terminalserver.admx Set Remote Desktop Services User Home Directory
terminalserver.admx Set path for Remote Desktop Services Roaming User Profile
terminalserver.admx Use mandatory profiles on the RD Session Host server
terminalserver.admx Limit the size of the entire roaming user profile cache
terminalserver.admx License server security group
terminalserver.admx Prevent license upgrade
terminalserver.admx Allow audio and video playback redirection
terminalserver.admx Limit audio playback quality
terminalserver.admx Allow audio recording redirection
terminalserver.admx Do not allow Clipboard redirection
terminalserver.admx Do not allow COM port redirection
terminalserver.admx Do not set default client printer to be default printer in a session
terminalserver.admx Use Remote Desktop Easy Print printer driver first
terminalserver.admx Use Remote Desktop Easy Print printer driver first
terminalserver.admx Do not allow drive redirection
terminalserver.admx Do not allow LPT port redirection
terminalserver.admx Do not allow supported Plug and Play device redirection
terminalserver.admx Do not allow client printer redirection
terminalserver.admx Specify RD Session Host server fallback printer driver behavior
terminalserver.admx Do not allow smart card device redirection
terminalserver.admx Allow time zone redirection
terminalserver.admx Require secure RPC communication
terminalserver.admx Join RD Connection Broker
terminalserver.admx Configure RD Connection Broker farm name
terminalserver.admx Use IP Address Redirection
terminalserver.admx Configure RD Connection Broker server name
terminalserver.admx End session when time limits are reached
terminalserver.admx End session when time limits are reached
terminalserver.admx Set time limit for disconnected sessions
terminalserver.admx Set time limit for disconnected sessions
terminalserver.admx Set time limit for active but idle Remote Desktop Services sessions
terminalserver.admx Set time limit for active but idle Remote Desktop Services sessions
terminalserver.admx Set time limit for active Remote Desktop Services sessions
terminalserver.admx Set time limit for active Remote Desktop Services sessions
terminalserver.admx Do not delete temp folders upon exit
terminalserver.admx Do not use temporary folders per session
terminalserver.admx Allow .rdp files from unknown publishers
terminalserver.admx Allow .rdp files from unknown publishers
terminalserver.admx Allow .rdp files from valid publishers and user's default .rdp settings
terminalserver.admx Allow .rdp files from valid publishers and user's default .rdp settings
terminalserver.admx Specify SHA1 thumbprints of certificates representing trusted .rdp publish
terminalserver.admx Specify SHA1 thumbprints of certificates representing trusted .rdp publish
terminalserver.admx Prompt for credentials on the client computer
terminalserver.admx Configure server authentication for client
terminalserver.admx Configure image quality for RemoteFX Adaptive Graphics
terminalserver.admx Configure RemoteFX Adaptive Graphics
terminalserver.admx Configure compression for RemoteFX data
terminalserver.admx Use advanced RemoteFX graphics for RemoteApp
terminalserver.admx Optimize visual experience for Remote Desktop Service Sessions
terminalserver.admx Allow RDP redirection of other supported RemoteFX USB devices from thi
terminalserver.admx Configure RemoteFX
terminalserver.admx Optimize visual experience when using RemoteFX
terminalserver.admx Enable RemoteFX encoding for RemoteFX clients designed for Windows Se
terminalserver.admx Specify default connection URL
terminalserver.admx Select network detection on the server
terminalserver.admx Select RDP transport protocols
terminalserver.admx Turn Off UDP On Client
textinput.admx Allow Uninstallation of Language Features
thumbnails.admx Turn off the display of thumbnails and only display icons.
thumbnails.admx Turn off the display of thumbnails and only display icons on network folder
thumbnails.admx Turn off the caching of thumbnails in hidden thumbs.db files
touchinput.admx Turn off Tablet PC touch input
touchinput.admx Turn off Tablet PC touch input
touchinput.admx Turn off Touch Panning
touchinput.admx Turn off Touch Panning
tpm.admx Turn on TPM backup to Active Directory Domain Services
tpm.admx Configure the level of TPM owner authorization information available to t
tpm.admx Configure the list of blocked TPM commands
tpm.admx Ignore the default list of blocked TPM commands
tpm.admx Ignore the local list of blocked TPM commands
tpm.admx Standard User Lockout Duration
tpm.admx Standard User Individual Lockout Threshold
tpm.admx Standard User Total Lockout Threshold
userdatabackup.admx Prevent the user from running the Backup Status and Configuration progr
userdatabackup.admx Prevent the user from running the Backup Status and Configuration progr
userdatabackup.admx Prevent backing up to local disks
userdatabackup.admx Prevent backing up to local disks
userdatabackup.admx Prevent backing up to network location
userdatabackup.admx Prevent backing up to network location
userdatabackup.admx Prevent backing up to optical media (CD/DVD)
userdatabackup.admx Prevent backing up to optical media (CD/DVD)
userdatabackup.admx Turn off the ability to back up data files
userdatabackup.admx Turn off the ability to back up data files
userdatabackup.admx Turn off restore functionality
userdatabackup.admx Turn off restore functionality
userdatabackup.admx Turn off the ability to create a system image
userdatabackup.admx Turn off the ability to create a system image
userprofiles.admx Add the Administrators security group to roaming user profiles
userprofiles.admx Do not check for user ownership of Roaming Profile Folders
userprofiles.admx Connect home directory to root of the share
userprofiles.admx Delete cached copies of roaming profiles
userprofiles.admx Disable detection of slow network connections
userprofiles.admx Prompt user when a slow network connection is detected
userprofiles.admx Exclude directories in roaming profile
userprofiles.admx Leave Windows Installer and Group Policy Software Installation Data
userprofiles.admx Limit profile size
userprofiles.admx Only allow local user profiles
userprofiles.admx Establish timeout value for dialog boxes
userprofiles.admx Do not log users on with temporary profiles
userprofiles.admx Maximum retries to unload and update user profile
userprofiles.admx Prevent Roaming Profile changes from propagating to the server
userprofiles.admx Wait for remote user profile
userprofiles.admx Control slow network connection timeout for user profiles
userprofiles.admx Delete user profiles older than a specified number of days on system resta
userprofiles.admx Specify network directories to sync at logon/logoff time only
userprofiles.admx Do not forcefully unload the users registry at user logoff
userprofiles.admx Set maximum wait time for the network if a user has a roaming user profi
userprofiles.admx Set roaming profile path for all users logging onto this computer
userprofiles.admx Set the schedule for background upload of a roaming user profile's registry
userprofiles.admx User management of sharing user name account picture and domain inform
userprofiles.admx Turn off the advertising ID
userprofiles.admx Download roaming profiles on primary computers only
userprofiles.admx Set user home folder
volumeencryption.admx Store BitLocker recovery information in Active Directory Domain Service
volumeencryption.admx Choose how users can recover BitLocker-protected drives (Windows Serve
volumeencryption.admx Choose default folder for recovery password
volumeencryption.admx Choose drive encryption method and cipher strength (Windows Vista Wi
volumeencryption.admx Choose drive encryption method and cipher strength
volumeencryption.admx Prevent memory overwrite on restart
volumeencryption.admx Configure pre-boot recovery message and URL
volumeencryption.admx Allow enhanced PINs for startup
volumeencryption.admx Configure use of passwords for operating system drives
volumeencryption.admx Reset platform validation data after BitLocker recovery
volumeencryption.admx Disallow standard users from changing the PIN or password
volumeencryption.admx Provide the unique identifiers for your organization
volumeencryption.admx Validate smart card certificate usage rule compliance
volumeencryption.admx Use enhanced Boot Configuration Data validation profile
volumeencryption.admx Choose how BitLocker-protected operating system drives can be recovere
volumeencryption.admx Enforce drive encryption type on operating system drives
volumeencryption.admx Require additional authentication at startup (Windows Server 2008 and W
volumeencryption.admx Require additional authentication at startup
volumeencryption.admx Allow network unlock at startup
volumeencryption.admx Configure TPM platform validation profile (Windows Vista Windows Serv
volumeencryption.admx Configure TPM platform validation profile for BIOS-based firmware configu
volumeencryption.admx Configure TPM platform validation profile for native UEFI firmware configu
volumeencryption.admx Configure minimum PIN length for startup
volumeencryption.admx Configure use of hardware-based encryption for operating system drives
volumeencryption.admx Enable use of BitLocker authentication requiring preboot keyboard input o
volumeencryption.admx Allow Secure Boot for integrity validation
volumeencryption.admx Choose how BitLocker-protected fixed drives can be recovered
volumeencryption.admx Configure use of passwords for fixed data drives
volumeencryption.admx Deny write access to fixed drives not protected by BitLocker
volumeencryption.admx Allow access to BitLocker-protected fixed data drives from earlier version
volumeencryption.admx Configure use of smart cards on fixed data drives
volumeencryption.admx Enforce drive encryption type on fixed data drives
volumeencryption.admx Configure use of hardware-based encryption for fixed data drives
volumeencryption.admx Choose how BitLocker-protected removable drives can be recovered
volumeencryption.admx Control use of BitLocker on removable drives
volumeencryption.admx Configure use of passwords for removable data drives
volumeencryption.admx Deny write access to removable drives not protected by BitLocker
volumeencryption.admx Allow access to BitLocker-protected removable data drives from earlier v
volumeencryption.admx Configure use of smart cards on removable data drives
volumeencryption.admx Enforce drive encryption type on removable data drives
volumeencryption.admx Configure use of hardware-based encryption for removable data drives
w32time.admx Global Configuration Settings
w32time.admx Configure Windows NTP Client
w32time.admx Enable Windows NTP Client
w32time.admx Enable Windows NTP Server
wcm.admx Prohibit connection to non-domain networks when connected to domain
wcm.admx Minimize the number of simultaneous connections to the Internet or a
wcm.admx Prohibit connection to roaming Mobile Broadband networks
wcm.admx Disable power management in connected standby mode
wdi.admx Diagnostics: Configure scenario retention
wdi.admx Diagnostics: Configure scenario execution level
wincal.admx Turn off Windows Calendar
wincal.admx Turn off Windows Calendar
windowsanytimeupgrade.admx Prevent the wizard from running.
windowsanytimeupgrade.admx Prevent the wizard from running.
windowsbackup.admx Allow only system backup
windowsbackup.admx Disallow locally attached storage as backup target
windowsbackup.admx Disallow network as backup target
windowsbackup.admx Disallow optical media as backup target
windowsbackup.admx Disallow run-once backups
windowscolorsystem.admx Prohibit installing or uninstalling color profiles
windowscolorsystem.admx Prohibit installing or uninstalling color profiles
windowsconnectnow.admx Prohibit access of the Windows Connect Now wizards
windowsconnectnow.admx Prohibit access of the Windows Connect Now wizards
windowsconnectnow.admx Configuration of wireless settings using Windows Connect Now
windowsdefender.admx Turn off Auto Exclusions
windowsdefender.admx Allow antimalware service to startup with normal priority
windowsdefender.admx Turn off Windows Defender
windowsdefender.admx Configure local administrator merge behavior for lists
windowsdefender.admx Turn off routine remediation
windowsdefender.admx Define addresses to bypass proxy server
windowsdefender.admx Define proxy server for connecting to the network
windowsdefender.admx Randomize scheduled task times
windowsdefender.admx Allow antimalware service to remain running always
windowsdefender.admx Extension Exclusions
windowsdefender.admx Path Exclusions
windowsdefender.admx Process Exclusions
windowsdefender.admx Turn on protocol recognition
windowsdefender.admx Turn on definition retirement
windowsdefender.admx Define the rate of detection events for logging
windowsdefender.admx IP address range Exclusions
windowsdefender.admx Port number Exclusions
windowsdefender.admx Process Exclusions for outbound traffic
windowsdefender.admx Threat ID Exclusions
windowsdefender.admx Specify additional definition sets for network traffic inspection
windowsdefender.admx Configure local setting override for the removal of items from Quarantine
windowsdefender.admx Configure removal of items from Quarantine folder
windowsdefender.admx Turn on behavior monitoring
windowsdefender.admx Turn on Information Protection Control
windowsdefender.admx Turn on network protection against exploits of known vulnerabilities
windowsdefender.admx Scan all downloaded files and attachments
windowsdefender.admx Monitor file and program activity on your computer
windowsdefender.admx Turn on raw volume write notifications
windowsdefender.admx Turn off real-time protection
windowsdefender.admx Turn on process scanning whenever real-time protection is enabled
windowsdefender.admx Define the maximum size of downloaded files and attachments to be scan
windowsdefender.admx Configure local setting override for turn on behavior monitoring
windowsdefender.admx Configure local setting override for monitoring file and program activity
windowsdefender.admx Configure local setting override to turn off Intrusion Prevention System
windowsdefender.admx Configure local setting override for scanning all downloaded files and att
windowsdefender.admx Configure local setting override to turn on real-time protection
windowsdefender.admx Configure local setting override for monitoring for incoming and outgoing fi
windowsdefender.admx Configure monitoring for incoming and outgoing file and program activity
windowsdefender.admx Configure local setting override for the time of day to run a scheduled ful
windowsdefender.admx Specify the day of the week to run a scheduled full scan to complete reme
windowsdefender.admx Specify the time of day to run a scheduled full scan to complete remediati
windowsdefender.admx Configure time out for detections requiring additional action
windowsdefender.admx Configure time out for detections in critically failed state
windowsdefender.admx Configure time out for detections in non-critical failed state
windowsdefender.admx Configure time out for detections in recently remediated state
windowsdefender.admx Configure Windows software trace preprocessor components
windowsdefender.admx Configure WPP tracing level
windowsdefender.admx Allow users to pause scan
windowsdefender.admx Specify the maximum depth to scan archive files
windowsdefender.admx Specify the maximum size of archive files to be scanned
windowsdefender.admx Specify the maximum percentage of CPU utilization during a scan
windowsdefender.admx Check for the latest virus and spyware definitions before running a schedu
windowsdefender.admx Scan archive files
windowsdefender.admx Turn on catch-up full scan
windowsdefender.admx Turn on catch-up quick scan
windowsdefender.admx Turn on e-mail scanning
windowsdefender.admx Turn on heuristics
windowsdefender.admx Scan packed executables
windowsdefender.admx Scan removable drives
windowsdefender.admx Turn on reparse point scanning
windowsdefender.admx Create a system restore point
windowsdefender.admx Run full scan on mapped network drives
windowsdefender.admx Scan network files
windowsdefender.admx Configure local setting override for maximum percentage of CPU utilizatio
windowsdefender.admx Configure local setting override for the scan type to use for a scheduled sc
windowsdefender.admx Configure local setting override for schedule scan day
windowsdefender.admx Configure local setting override for scheduled quick scan time
windowsdefender.admx Configure local setting override for scheduled scan time
windowsdefender.admx Turn on removal of items from scan history folder
windowsdefender.admx Specify the interval to run quick scans per day
windowsdefender.admx Start the scheduled scan only when computer is on but not in use
windowsdefender.admx Specify the scan type to use for a scheduled scan
windowsdefender.admx Specify the day of the week to run a scheduled scan
windowsdefender.admx Specify the time for a daily quick scan
windowsdefender.admx Specify the time of day to run a scheduled scan
windowsdefender.admx Define the number of days after which a catch-up scan is forced
windowsdefender.admx Define the number of days before spyware definitions are considered out
windowsdefender.admx Define the number of days before virus definitions are considered out of d
windowsdefender.admx Define file shares for downloading definition updates
windowsdefender.admx Turn on scan after signature update
windowsdefender.admx Allow definition updates when running on battery power
windowsdefender.admx Initiate definition update on startup
windowsdefender.admx Define the order of sources for downloading definition updates
windowsdefender.admx Allow definition updates from Microsoft Update
windowsdefender.admx Allow real-time definition updates based on reports to Microsoft MAPS
windowsdefender.admx Specify the day of the week to check for definition updates
windowsdefender.admx Specify the time to check for definition updates
windowsdefender.admx Allow notifications to disable definitions based reports to Microsoft MAPS
windowsdefender.admx Define the number of days after which a catch-up definition update is requ
windowsdefender.admx Specify the interval to check for definition updates
windowsdefender.admx Check for the latest virus and spyware definitions on startup
windowsdefender.admx Configure local setting override for reporting to Microsoft MAPS
windowsdefender.admx Join Microsoft MAPS
windowsdefender.admx Send file samples when further analysis is required
windowsdefender.admx Specify threats upon which default action should not be taken when detec
windowsdefender.admx Specify threat alert levels at which default action should not be taken wh
windowsdefender.admx Enable headless UI mode
windowsdefender.admx Suppresses reboot notifications
windowsdefender.admx Display notifications to clients when they need to perform actions
windowsdefender.admx Display additional text to clients when they need to perform an action
windowsexplorer.admx Hide the common dialog back button
windowsexplorer.admx Hide the dropdown list of recent files
windowsexplorer.admx Hide the common dialog places bar
windowsexplorer.admx Items displayed in Places Bar
windowsexplorer.admx Turn on Classic Shell
windowsexplorer.admx Display confirmation dialog when deleting files
windowsexplorer.admx Allow only per user or approved shell extensions
windowsexplorer.admx Do not track Shell shortcuts during roaming
windowsexplorer.admx Maximum number of recent documents
windowsexplorer.admx Turn off caching of thumbnail pictures
windowsexplorer.admx Remove CD Burning features
windowsexplorer.admx Remove UI to change menu animation setting
windowsexplorer.admx Remove UI to change keyboard navigation indicator setting
windowsexplorer.admx Remove DFS tab
windowsexplorer.admx Hide these specified drives in My Computer
windowsexplorer.admx No Entire Network in Network Locations
windowsexplorer.admx Remove File menu from File Explorer
windowsexplorer.admx Do not allow Folder Options to be opened from the Options button on the
windowsexplorer.admx Remove Hardware tab
windowsexplorer.admx Hides the Manage item on the File Explorer context menu
windowsexplorer.admx Remove Shared Documents from My Computer
windowsexplorer.admx Remove "Map Network Drive" and "Disconnect Network Drive"
windowsexplorer.admx Do not move deleted files to the Recycle Bin
windowsexplorer.admx Do not request alternate credentials
windowsexplorer.admx Remove Security tab
windowsexplorer.admx Remove Search button from File Explorer
windowsexplorer.admx Remove File Explorer's default context menu
windowsexplorer.admx Prevent access to drives from My Computer
windowsexplorer.admx Turn off Windows+X hotkeys
windowsexplorer.admx No Computers Near Me in Network Locations
windowsexplorer.admx Request credentials for network installations
windowsexplorer.admx Maximum allowed Recycle Bin size
windowsexplorer.admx Turn off shell protocol protected mode
windowsexplorer.admx Turn off shell protocol protected mode
windowsexplorer.admx Remove the Search the Internet "Search again" link
windowsexplorer.admx Pin Internet search sites to the "Search again" links and the Start menu
windowsexplorer.admx Pin Libraries or Search Connectors to the "Search again" links and the Sta
windowsexplorer.admx Verify old and new Folder Redirection targets point to the same share befo
windowsexplorer.admx Disable Known Folders
windowsexplorer.admx Turn off the display of snippets in Content view mode
windowsexplorer.admx Turn off Windows Libraries features that rely on indexed file data
windowsexplorer.admx Turn off display of recent search entries in the File Explorer search box
windowsexplorer.admx Disable binding directly to IPropertySetStorage without intermediate layer
windowsexplorer.admx Disable binding directly to IPropertySetStorage without intermediate layer
windowsexplorer.admx Turn off numerical sorting in File Explorer
windowsexplorer.admx Turn off numerical sorting in File Explorer
windowsexplorer.admx Allow OpenSearch queries in File Explorer
windowsexplorer.admx Allow previewing and custom thumbnails of OpenSearch query results in Fi
windowsexplorer.admx Location where all default Library definition files for users/machines reside
windowsexplorer.admx Location where all default Library definition files for users/machines reside
windowsexplorer.admx Configure Windows SmartScreen
windowsexplorer.admx Show lock in the user tile menu
windowsexplorer.admx Show sleep in the power options menu
windowsexplorer.admx Show hibernate in the power options menu
windowsexplorer.admx Do not show the 'new application installed' notification
windowsexplorer.admx Start File Explorer with ribbon minimized
windowsexplorer.admx Start File Explorer with ribbon minimized
windowsexplorer.admx Set a default associations configuration file
windowsexplorer.admx Allow the use of remote paths in file shortcut icons
windowsfileprotection.admx Specify Windows File Protection cache location
windowsfileprotection.admx Limit Windows File Protection cache size
windowsfileprotection.admx Set Windows File Protection scanning
windowsfileprotection.admx Hide the file scan progress window
windowsfirewall.admx Windows Firewall: Allow authenticated IPsec bypass
windowsfirewall.admx Windows Firewall: Define inbound program exceptions
windowsfirewall.admx Windows Firewall: Allow local program exceptions
windowsfirewall.admx Windows Firewall: Protect all network connections
windowsfirewall.admx Windows Firewall: Do not allow exceptions
windowsfirewall.admx Windows Firewall: Allow inbound file and printer sharing exception
windowsfirewall.admx Windows Firewall: Allow ICMP exceptions
windowsfirewall.admx Windows Firewall: Allow logging
windowsfirewall.admx Windows Firewall: Prohibit notifications
windowsfirewall.admx Windows Firewall: Define inbound port exceptions
windowsfirewall.admx Windows Firewall: Allow local port exceptions
windowsfirewall.admx Windows Firewall: Allow inbound remote administration exception
windowsfirewall.admx Windows Firewall: Allow inbound Remote Desktop exceptions
windowsfirewall.admx Windows Firewall: Prohibit unicast response to multicast or broadcast req
windowsfirewall.admx Windows Firewall: Allow inbound UPnP framework exceptions
windowsfirewall.admx Windows Firewall: Define inbound program exceptions
windowsfirewall.admx Windows Firewall: Allow local program exceptions
windowsfirewall.admx Windows Firewall: Protect all network connections
windowsfirewall.admx Windows Firewall: Do not allow exceptions
windowsfirewall.admx Windows Firewall: Allow inbound file and printer sharing exception
windowsfirewall.admx Windows Firewall: Allow ICMP exceptions
windowsfirewall.admx Windows Firewall: Allow logging
windowsfirewall.admx Windows Firewall: Prohibit notifications
windowsfirewall.admx Windows Firewall: Define inbound port exceptions
windowsfirewall.admx Windows Firewall: Allow local port exceptions
windowsfirewall.admx Windows Firewall: Allow inbound remote administration exception
windowsfirewall.admx Windows Firewall: Allow inbound Remote Desktop exceptions
windowsfirewall.admx Windows Firewall: Prohibit unicast response to multicast or broadcast req
windowsfirewall.admx Windows Firewall: Allow inbound UPnP framework exceptions
windowsmail.admx Turn off Windows Mail application
windowsmail.admx Turn off Windows Mail application
windowsmail.admx Turn off the communities features
windowsmail.admx Turn off the communities features
windowsmediadrm.admx Prevent Windows Media DRM Internet Access
windowsmediaplayer.admx Prevent Automatic Updates
windowsmediaplayer.admx Do Not Show First Use Dialog Boxes
windowsmediaplayer.admx Prevent Video Smoothing
windowsmediaplayer.admx Prevent CD and DVD Media Information Retrieval
windowsmediaplayer.admx Prevent Media Sharing
windowsmediaplayer.admx Prevent Music File Media Information Retrieval
windowsmediaplayer.admx Prevent Quick Launch Toolbar Shortcut Creation
windowsmediaplayer.admx Prevent Radio Station Preset Retrieval
windowsmediaplayer.admx Prevent Desktop Shortcut Creation
windowsmediaplayer.admx Allow Screen Saver
windowsmediaplayer.admx Prevent Codec Download
windowsmediaplayer.admx Do Not Show Anchor
windowsmediaplayer.admx Hide Privacy Tab
windowsmediaplayer.admx Hide Security Tab
windowsmediaplayer.admx Set and Lock Skin
windowsmediaplayer.admx Configure HTTP Proxy
windowsmediaplayer.admx Configure MMS Proxy
windowsmediaplayer.admx Configure RTSP Proxy
windowsmediaplayer.admx Hide Network Tab
windowsmediaplayer.admx Configure Network Buffering
windowsmediaplayer.admx Streaming Media Protocols
windowsmessenger.admx Do not automatically start Windows Messenger initially
windowsmessenger.admx Do not automatically start Windows Messenger initially
windowsmessenger.admx Do not allow Windows Messenger to be run
windowsmessenger.admx Do not allow Windows Messenger to be run
windowsremotemanagement.admx Allow Basic authentication
windowsremotemanagement.admx Allow unencrypted traffic
windowsremotemanagement.admx Disallow Digest authentication
windowsremotemanagement.admx Disallow Negotiate authentication
windowsremotemanagement.admx Disallow Kerberos authentication
windowsremotemanagement.admx Allow CredSSP authentication
windowsremotemanagement.admx Trusted Hosts
windowsremotemanagement.admx Allow remote server management through WinRM
windowsremotemanagement.admx Turn On Compatibility HTTP Listener
windowsremotemanagement.admx Turn On Compatibility HTTPS Listener
windowsremotemanagement.admx Allow Basic authentication
windowsremotemanagement.admx Allow unencrypted traffic
windowsremotemanagement.admx Disallow WinRM from storing RunAs credentials
windowsremotemanagement.admx Disallow Negotiate authentication
windowsremotemanagement.admx Disallow Kerberos authentication
windowsremotemanagement.admx Allow CredSSP authentication
windowsremotemanagement.admx Specify channel binding token hardening level
windowsremoteshell.admx Allow Remote Shell Access
windowsremoteshell.admx Specify idle Timeout
windowsremoteshell.admx MaxConcurrentUsers
windowsremoteshell.admx Specify maximum amount of memory in MB per Shell
windowsremoteshell.admx Specify maximum number of processes per Shell
windowsremoteshell.admx Specify Shell Timeout
windowsremoteshell.admx Specify maximum number of remote shells per user
windowsupdate.admx Windows Automatic Updates
windowsupdate.admx Do not display 'Install Updates and Shut Down' option in Shut Down Wind
windowsupdate.admx Do not display 'Install Updates and Shut Down' option in Shut Down Wind
windowsupdate.admx Do not adjust default option to 'Install Updates and Shut Down' in Shut
windowsupdate.admx Do not adjust default option to 'Install Updates and Shut Down' in Shut
windowsupdate.admx Remove access to use all Windows Update features
windowsupdate.admx Configure Automatic Updates
windowsupdate.admx Specify intranet Microsoft update service location
windowsupdate.admx Automatic Updates detection frequency
windowsupdate.admx Allow non-administrators to receive update notifications
windowsupdate.admx Allow Automatic Updates immediate installation
windowsupdate.admx Turn on recommended updates via Automatic Updates
windowsupdate.admx Turn on Software Notifications
windowsupdate.admx Enabling Windows Update Power Management to automatically wake up the
windowsupdate.admx No auto-restart with logged on users for scheduled automatic updates inst
windowsupdate.admx Always automatically restart at the scheduled time
windowsupdate.admx Re-prompt for restart with scheduled installations
windowsupdate.admx Delay Restart for scheduled installations
windowsupdate.admx Reschedule Automatic Updates scheduled installations
windowsupdate.admx Enable client-side targeting
windowsupdate.admx Allow signed updates from an intranet Microsoft update service location
windowsupdate.admx Do not connect to any Windows Update Internet locations
windowsupdate.admx Defer Upgrade
wininit.admx Turn off legacy remote shutdown interface
wininit.admx Timeout for hung logon sessions during shutdown
wininit.admx Require use of fast startup
winlogon.admx Display information about previous logons during user logon
winlogon.admx Remove logon hours expiration warnings
winlogon.admx Set action to take when logon hours expire
winlogon.admx Disable or enable software Secure Attention Sequence
winlogon.admx Report when logon server was not available during user logon
winlogon.admx Report when logon server was not available during user logon
winlogon.admx Custom User Interface
winlogon.admx Sign-in last interactive user automatically after a system-initiated restart
winsrv.admx Turn off automatic termination of applications that block or cancel shutd
wlansvc.admx Set Cost
wordwheel.admx Custom Instant Search Internet search provider
workfolders-client.admx Force automatic setup for all users
workfolders-client.admx Specify Work Folders settings
workplacejoin.admx Register domain joined computers as devices
wpn.admx Turn off tile notifications
wpn.admx Turn off toast notifications
wpn.admx Turn off toast notifications on the lock screen
wpn.admx Turn off notifications network usage
wpn.admx Turn off Quiet Hours
wpn.admx Set the time Quiet Hours begins each day
wpn.admx Set the time Quiet Hours ends each day
wpn.admx Turn off calls during Quiet Hours
wwansvc.admx Set 3G Cost
wwansvc.admx Set 4G Cost
Scope Policy Path
Machine Windows Components\ActiveX Installer Service
Machine Windows Components\ActiveX Installer Service
User Control Panel\Add or Remove Programs
Machine Windows Components\Data Collection and Preview Builds
Machine Windows Components\Application Compatibility
User Windows Components\Application Compatibility
Machine Windows Components\App Package Deployment
Machine Windows Components\App runtime
User Windows Components\App runtime
User Windows Components\App runtime
User Windows Components\Attachment Manager
Machine System\Audit Process Creation
Machine Windows Components\AutoPlay Policies
User Windows Components\AutoPlay Policies
Machine Windows Components\Software Protection Platform
Machine Windows Components\Biometrics
Machine Network\Background Intelligent Transfer Service (BITS)
Machine Windows Components\Windows Customer Experience Improveme
Machine Windows Components\Windows Customer Experience Improveme
Machine Network\SSL Configuration Settings
Machine Network\SSL Configuration Settings
User System
Machine System
User Windows Components\NetMeeting\Application Sharing
User Windows Components\NetMeeting\Audio & Video
User Windows Components\NetMeeting
Machine Windows Components\NetMeeting
User Windows Components\NetMeeting\Options Page
User Control Panel
User Control Panel
User Control Panel
User Control Panel
User Control Panel\Display
User Control Panel\Display
User Control Panel\Personalization
Machine Control Panel\Personalization
Machine Control Panel\User Accounts
Machine System\Logon
Machine System\Credentials Delegation
Machine Windows Components\Credential User Interface
User Windows Components\Credential User Interface
User System\Ctrl+Alt+Del Options
Machine System\Distributed COM\Application Compatibility Settings
Machine System\Distributed COM\Application Compatibility Settings
Machine Windows Components\Delivery Optimization
User Desktop\Desktop
User Desktop\Active Directory
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
User Desktop
Machine Windows Components\Device and Driver Compatibility
Machine Windows Components\Device and Driver Compatibility
Machine System\Device Guard
Machine System\Device Guard
Machine System\Device Installation
Machine System\Device Installation\Device Installation Restrictions
Machine System\Driver Installation
User System\Driver Installation
Machine System\Device Redirection\Device Redirection Restrictions
Machine System\Device Redirection\Device Redirection Restrictions
Machine System\Driver Installation
Machine Network
User Windows Components\Digital Locker
Machine Windows Components\Digital Locker
Machine System\Troubleshooting and Diagnostics\Disk Diagnostic
Machine System\Troubleshooting and Diagnostics\Disk Diagnostic
Machine System\Disk NV Cache
Machine System\Disk Quotas
Machine System
Machine Network\DNS Client
User Windows Components\Desktop Window Manager
Machine Windows Components\Desktop Window Manager
User Windows Components\Desktop Window Manager
User Windows Components\Desktop Window Manager\Window Frame C
Machine Windows Components\Desktop Window Manager\Window Frame C
User Windows Components\Desktop Window Manager\Window Frame C
Machine Windows Components\Desktop Window Manager\Window Frame C
User Windows Components\IME
Machine System\Early Launch Antimalware
User Windows Components\Edge UI
Machine Windows Components\Edge UI
Machine System
Machine System\Enhanced Storage Access
Machine Windows Components\Windows Error Reporting
User Windows Components\Windows Error Reporting
Machine Windows Components\Windows Error Reporting\Advanced Error Re
User Windows Components\Windows Error Reporting\Advanced Error Re
User Windows Components\Windows Error Reporting\Consent
Machine Windows Components\Windows Error Reporting\Consent
User Windows Components\Windows Error Reporting\Consent
Machine Windows Components\Windows Error Reporting\Consent
Machine Windows Components\Event Forwarding
Machine Windows Components\Event Forwarding
Machine Windows Components\Event Log Service\Application
Machine Windows Components\Event Log Service\Security
Machine Windows Components\Event Log Service\Setup
Machine Windows Components\Event Log Service\System
Machine Windows Components\Event Logging
Machine Windows Components\Event Viewer
User Windows Components\File Explorer
Machine Windows Components\File Explorer
Machine Windows Components\Portable Operating System
Machine Windows Components\File History
Machine System\Troubleshooting and Diagnostics\Corrupted File Recovery
User Windows Components\File Revocation
Machine System\File Share Shadow Copy Agent
Machine System\File Share Shadow Copy Provider
Machine System\Filesystem
Machine System\Filesystem\NTFS
Machine System\Filesystem
User System\Folder Redirection
Machine System\Folder Redirection
Machine System\Folder Redirection
User Windows Components\File Explorer\Explorer Frame Pane
User Windows Components\File Explorer\Explorer Frame Pane
Machine System\Troubleshooting and Diagnostics\Fault Tolerant Heap
Machine Windows Components\Windows Game Recording and Broadcastin
Machine Windows Components\Game Explorer
User System\Locale Services
Machine System\Locale Services
User Control Panel\Regional and Language Options
Machine Control Panel\Regional and Language Options
User System
User Control Panel\Regional and Language Options\Handwriting persona
Machine Control Panel\Regional and Language Options\Handwriting persona
Machine System\Group Policy
Machine System\Mitigation Options
User System\Group Policy
Machine System\Group Policy\Logging and tracing
User Windows Components\Microsoft Management Console\Restricted/Pe
Machine System
User System
Machine System
Machine System
Machine Windows Components\Online Assistance
User System\Internet Communication Management\Internet Communicat
Machine Network\Hotspot Authentication
User System\Internet Communication Management
Machine System\Internet Communication Management
Machine System\Internet Communication Management\Internet Communicat
Machine Windows Components\Internet Information Services
User Windows Components\Internet Explorer\Administrator Approved C
Machine Windows Components\Internet Explorer\Internet Control Panel\A
User Windows Components\Internet Explorer\Internet Control Panel\A
Machine Windows Components\Internet Explorer\Security Features
Machine Windows Components\Internet Explorer\Internet Control Panel\C
User Windows Components\Internet Explorer\Internet Control Panel\C
User Windows Components\Internet Explorer\Internet Settings\AutoCo
Machine Windows Components\Internet Explorer\Internet Settings\Advance
User Windows Components\Internet Explorer\Internet Settings\Advance
User Windows Components\Internet Explorer\Offline Pages
Machine Windows Components\Internet Explorer\Corporate Settings\Code
User Windows Components\Internet Explorer\Internet Settings\Display
Machine Windows Components\Internet Explorer\Internet Control Panel
User Windows Components\Internet Explorer\Internet Control Panel
User Windows Components\Internet Explorer\Internet Settings\URL En
Machine Windows Components\Internet Explorer\Internet Settings\Compon
User Windows Components\Internet Explorer\Internet Settings\Advanced
Machine Windows Components\Internet Explorer\Security Features\Add-
User Windows Components\Internet Explorer\Security Features\Add-
Machine Windows Components\Internet Explorer\Security Features\Binary B
User Windows Components\Internet Explorer\Security Features\Binary B
Machine Windows Components\Internet Explorer\Security Features\Consis
User Windows Components\Internet Explorer\Security Features\Consis
Machine Windows Components\Internet Explorer\Security Features\Notifica
User Windows Components\Internet Explorer\Security Features\Notifica
Machine Windows Components\Internet Explorer\Security Features\Local
User Windows Components\Internet Explorer\Security Features\Local
Machine Windows Components\Internet Explorer\Security Features\Mime Sn
User Windows Components\Internet Explorer\Security Features\Mime Sn
Machine Windows Components\Internet Explorer\Security Features\MK Proto
User Windows Components\Internet Explorer\Security Features\MK Proto
Machine Windows Components\Internet Explorer\Security Features\Netwo
User Windows Components\Internet Explorer\Security Features\Netwo
Machine Windows Components\Internet Explorer\Security Features\Object
User Windows Components\Internet Explorer\Security Features\Object
Machine Windows Components\Internet Explorer\Security Features\Protect
User Windows Components\Internet Explorer\Security Features\Protect
Machine Windows Components\Internet Explorer\Security Features\Restrict
User Windows Components\Internet Explorer\Security Features\Restrict
Machine Windows Components\Internet Explorer\Security Features\Restric
User Windows Components\Internet Explorer\Security Features\Restric
Machine Windows Components\Internet Explorer\Security Features\Scripte
User Windows Components\Internet Explorer\Security Features\Scripte
Machine Windows Components\Internet Explorer\Security Features\Network
User Windows Components\Internet Explorer\Security Features\Network
Machine Windows Components\Internet Explorer
User Windows Components\Internet Explorer
Machine Windows Components\Internet Explorer\Delete Browsing History
User Windows Components\Internet Explorer\Delete Browsing History
Machine Windows Components\Internet Explorer\Internet Settings\AutoCo
Machine Windows Components\Internet Explorer\Internet Settings\AutoCo
Machine Windows Components\Internet Explorer\Internet Control Panel\Se
User Windows Components\Internet Explorer\Internet Control Panel\Se
Machine Windows Components\Internet Explorer\Internet Control Panel\Sec
User Windows Components\Internet Explorer\Internet Control Panel\Sec
Machine Windows Components\Internet Explorer\Internet Control Panel\S
User Windows Components\Internet Explorer\Internet Control Panel\S
User Windows Components\Internet Explorer\Internet Settings\Display s
User Windows Components\Internet Explorer\Browser menus
Machine Windows Components\Internet Explorer\Browser menus
Machine Windows Components\Internet Explorer\Browser menus
User Windows Components\Internet Explorer\Persistence Behavior
Machine Windows Components\RSS Feeds
User Windows Components\RSS Feeds
Machine Windows Components\Internet Explorer\Application Compatibility
User Windows Components\Internet Explorer\Application Compatibility
Machine Windows Components\Internet Explorer\Security Features\AJAX
User Windows Components\Internet Explorer\Security Features\AJAX
User Windows Components\Internet Explorer\Security Features
User Windows Components\Internet Explorer\Security Features
Machine Windows Components\Internet Explorer\Toolbars
User Windows Components\Internet Explorer\Toolbars
Machine Windows Components\Internet Explorer\Internet Settings\Componen
Machine Windows Components\Internet Explorer\Internet Settings\Componen
Machine Windows Components\Internet Explorer\Privacy
User Windows Components\Internet Explorer\Privacy
User Windows Components\Internet Explorer\Accelerators
Machine Windows Components\Internet Explorer\Accelerators
Machine Windows Components\Internet Explorer\Compatibility View
User Windows Components\Internet Explorer\Compatibility View
Machine Windows Components\Internet Explorer\Internet Control Panel\Ge
User Windows Components\Internet Explorer\Internet Control Panel\Ge
Machine Windows Components\Internet Explorer\Internet Settings
User Windows Components\Internet Explorer\Internet Settings
Machine Windows Components\Internet Explorer\Internet Settings
User Windows Components\Internet Explorer\Internet Settings
Machine System\iSCSI\iSCSI Target Discovery
Machine System\iSCSI\General iSCSI
Machine System\iSCSI\General iSCSI
Machine System\iSCSI\iSCSI Security
Machine System\KDC
Machine System\KDC
Machine System\KDC
Machine System\KDC
Machine System\KDC
Machine System\Kerberos
Machine Network\Lanman Server
Machine Network\Lanman Workstation
Machine System\Troubleshooting and Diagnostics\Windows Memory Leak D
Machine Network\Link-Layer Topology Discovery
Machine Network\Link-Layer Topology Discovery
User System\Logon
User System\Logon
User System\Logon
Machine System
User System
Machine System
User Windows Components\Windows Media Center
Machine Windows Components\Windows Media Center
Machine Windows Components\Location and Sensors\Windows Location Pr
Machine Windows Components\Microsoft Edge
User Windows Components\Microsoft Edge
User Windows Components\Microsoft Management Console
User Windows Components\Microsoft Management Console
User Windows Components\Microsoft Management Console\Restricted/P
User Windows Components\Microsoft Management Console\Restricted/
User Windows Components\Microsoft Management Console\Restricted/Per
User Windows Components\Windows Mobility Center
Machine Windows Components\Windows Mobility Center
User Windows Components\Presentation Settings
Machine Windows Components\Presentation Settings
Machine Windows Components\Maintenance Scheduler
Machine System\Troubleshooting and Diagnostics\Microsoft Support Diagno
Machine System\Troubleshooting and Diagnostics\MSI Corrupted File Recov
Machine Windows Components\Windows Installer
User Windows Components\Windows Installer
Machine Network\DirectAccess Client Experience Settings
Machine Network\Network Connectivity Status Indicator
Machine System\Net Logon
Machine System\Net Logon\DC Locator DNS Records
User Network\Network Connections
Machine Network\Network Connections
Machine Network\Network Isolation
Machine Network\Network Provider
Machine Network\Offline Files
User Network\Offline Files
Machine Network\Microsoft Peer-to-Peer Networking Services
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer Name R
Machine Network\Microsoft Peer-to-Peer Networking Services\Peer Name Re
Machine Network\Microsoft Peer-to-Peer Networking Services
Machine Windows Components\Family Safety
Machine Windows Components\Microsoft Passport for Work
Machine Windows Components\Microsoft Passport for Work\PIN Complexit
User Windows Components\Microsoft Passport for Work\PIN Complexit
Machine System\Troubleshooting and Diagnostics\Application Compatibility
Machine Network\BranchCache
User Windows Components\Tablet PC\Tablet PC Pen Training
Machine Windows Components\Tablet PC\Tablet PC Pen Training
Machine System\Troubleshooting and Diagnostics\Windows Boot Performan
Machine System\Troubleshooting and Diagnostics\Windows Standby/Resum
Machine System\Troubleshooting and Diagnostics\Windows System Respons
Machine System\Troubleshooting and Diagnostics\Windows Shutdown Perf
Machine System\Troubleshooting and Diagnostics\Windows Performance Pe
Machine System\Power Management\Notification Settings
Machine System\Power Management\Button Settings
Machine System\Power Management\Hard Disk Settings
Machine System\Power Management\Hard Disk Settings
Machine System\Power Management
Machine System\Power Management
User System\Power Management
Machine System\Power Management\Sleep Settings
Machine System\Power Management\Video and Display Settings
Machine System
Machine Windows Components\Windows PowerShell
User Windows Components\Windows PowerShell
User Windows Components\File Explorer\Previous Versions
Machine Windows Components\File Explorer\Previous Versions
Machine Printers
Machine Printers
Machine Printers
Machine Printers
User Control Panel\Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
Machine Printers
User Control Panel\Programs
Machine Network\QoS Packet Scheduler\DSCP value of conforming packets
Machine Network\QoS Packet Scheduler\DSCP value of non-conforming pac
Machine Network\QoS Packet Scheduler
Machine Network\QoS Packet Scheduler\Layer-2 priority value
Machine Windows Components\Windows Reliability Analysis
Machine System\Troubleshooting and Diagnostics\Windows Resource Exhaus
Machine System\Recovery
Machine System
Machine System
Machine System
Machine System\Remote Assistance
User System\Removable Storage Access
Machine System\Removable Storage Access
Machine System\Remote Procedure Call
Machine System\Scripts
User System\Scripts
User System\Scripts
User System\Scripts
User System\Scripts
User System\Scripts
Machine System\Troubleshooting and Diagnostics\Scripted Diagnostics
Machine System\Troubleshooting and Diagnostics\Scheduled Maintenance
Machine Windows Components\Search
User Windows Components\Search
Machine String Not Found\OCR
Machine String Not Found\OCR
Machine Windows Components\Security Center
User Windows Components\Location and Sensors
Machine Windows Components\Location and Sensors
Machine System\Server Manager
Machine System
Machine System
Machine Windows Components\Sync your settings
Machine System
Machine System
User Shared Folders
User Shared Folders
User Windows Components\Network Sharing
Machine Windows Components\HomeGroup
User System
User System
User System
User System
User Windows Components\Desktop Gadgets
Machine Windows Components\Desktop Gadgets
Machine Windows Components\OneDrive
Machine Windows Components\Smart Card
Machine Network\SNMP
User Windows Components\Sound Recorder
Machine Windows Components\Sound Recorder
Machine System\File Classification Infrastructure
Machine System\File Classification Infrastructure
Machine System\Access-Denied Assistance
Machine System\Access-Denied Assistance
User Start Menu and Taskbar
Machine Start Menu and Taskbar
Machine Start Menu and Taskbar
Machine System\System Restore
Machine System\System Restore
User Windows Components\Tablet PC\Input Panel
Machine Windows Components\Tablet PC\Input Panel
User Windows Components\Tablet PC\Accessories
Machine Windows Components\Tablet PC\Accessories
User Windows Components\Tablet PC\Cursors
Machine Windows Components\Tablet PC\Cursors
User Windows Components\Tablet PC\Hardware Buttons
Machine Windows Components\Tablet PC\Hardware Buttons
User Windows Components\Tablet PC\Pen Flicks Learning
Machine Windows Components\Tablet PC\Pen Flicks Learning
User Windows Components\Tablet PC\Pen UX Behaviors
Machine Windows Components\Tablet PC\Pen UX Behaviors
User Windows Components\Task Scheduler
Machine Windows Components\Task Scheduler
Machine Network\TCPIP Settings\IPv6 Transition Technologies
Machine Network\TCPIP Settings\Parameters
Machine Network\TCPIP Settings\Parameters
User Windows Components\Remote Desktop Services\Remote Desktop Se
User Windows Components\Remote Desktop Services\Remote Desktop S
Machine Windows Components\Remote Desktop Services\Remote Desktop S
Machine Windows Components\Remote Desktop Services\Remote Desktop Se
Machine Windows Components\Remote Desktop Services\Remote Desktop C
User Windows Components\Remote Desktop Services\Remote Desktop C
User Windows Components\Remote Desktop Services\RD Gateway
Machine Windows Components\Remote Desktop Services\RD Licensing
Machine Windows Components\Remote Desktop Services\RD Licensing
User Windows Components\Remote Desktop Services\RemoteApp and D
Machine Windows Components\Text Input
User Windows Components\Tablet PC\Touch Input
Machine Windows Components\Tablet PC\Touch Input
User Windows Components\Tablet PC\Touch Input
Machine Windows Components\Tablet PC\Touch Input
Machine System\Trusted Platform Module Services
User Windows Components\Backup\Client
Machine Windows Components\Backup\Client
Machine System\User Profiles
User System\User Profiles
Machine Windows Components\BitLocker Drive Encryption
Machine Windows Components\BitLocker Drive Encryption\Operating Syste
Machine Windows Components\BitLocker Drive Encryption\Fixed Data Drive
Machine Windows Components\BitLocker Drive Encryption\Removable Data
Machine System\Windows Time Service
Machine System\Windows Time Service\Time Providers
Machine Network\Windows Connection Manager
Machine System\Troubleshooting and Diagnostics
Machine System\Troubleshooting and Diagnostics
User Windows Components\Windows Calendar
Machine Windows Components\Windows Calendar
Machine Windows Components\Add features to Windows 10
User Windows Components\Add features to Windows 10
Machine Windows Components\Backup\Server
User Windows Components\Windows Color System
Machine Windows Components\Windows Color System
User Network\Windows Connect Now
Machine Network\Windows Connect Now
Machine Network\Windows Connect Now
Machine Windows Components\Windows Defender\Exclusions
Machine Windows Components\Windows Defender
Machine Windows Components\Windows Defender\Network Inspection Sy
Machine Windows Components\Windows Defender\Network Inspection Sys
Machine Windows Components\Windows Defender\Quarantine
Machine Windows Components\Windows Defender\Quarantine
Machine Windows Components\Windows Defender\Real-time Protection
Machine Windows Components\Windows Defender\Remediation
Machine Windows Components\Windows Defender\Reporting
Machine Windows Components\Windows Defender\Scan
Machine Windows Components\Windows Defender\Signature Updates
Machine Windows Components\Windows Defender\MAPS
Machine Windows Components\Windows Defender\Threats
Machine Windows Components\Windows Defender\Threats
Machine Windows Components\Windows Defender\Client Interface
User Windows Components\File Explorer\Common Open File Dialog
Machine System\Windows File Protection
Machine Network\Network Connections\Windows Firewall
Machine Network\Network Connections\Windows Firewall\Domain Profile
Machine Network\Network Connections\Windows Firewall\Standard Profile
User Windows Components\Windows Mail
Machine Windows Components\Windows Mail
User Windows Components\Windows Mail
Machine Windows Components\Windows Mail
Machine Windows Components\Windows Media Digital Rights Management
Machine Windows Components\Windows Media Player
User Windows Components\Windows Media Player
User Windows Components\Windows Media Player\Playback
User Windows Components\Windows Media Player\Playback
User Windows Components\Windows Media Player\User Interface
User Windows Components\Windows Media Player\Networking
Machine Windows Components\Windows Messenger
User Windows Components\Windows Messenger
Machine Windows Components\Windows Messenger
User Windows Components\Windows Messenger
Machine Windows Components\Windows Remote Management (WinRM)\Wi
Machine Windows Components\Windows Remote Management (WinRM)\W
Machine Windows Components\Windows Remote Shell
User System
Machine Windows Components\Windows Update
User Windows Components\Windows Update
Machine Windows Components\Shutdown Options
Machine Windows Components\Shutdown Options
Machine System\Shutdown
Machine Windows Components\Windows Logon Options
User Windows Components\Windows Logon Options
User System
Machine System\Shutdown Options
Machine Network\WLAN Service\WLAN Media Cost
User Windows Components\Instant Search
Machine Windows Components\Work Folders
User Windows Components\Work Folders
Machine Windows Components\Device Registration
User Start Menu and Taskbar\Notifications
Machine Network\WWAN Service\WWAN Media Cost
Machine Network\WWAN Service\WWAN Media Cost
Registry Information Supported On
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\AxInAt least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersion
Windows Server 2003 Windows XP an
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2003 Windows XP an
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\PrevAt least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\Ap At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Server 2003
HKCU\Software\Policies\Microsoft\Windows\App At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\AppxAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\AppxAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\App At least Windows 8.1 Update 2
HKLM\Software\Policies\Microsoft\Windows\App At least Windows 8.1 Update 2
HKLM\Software\Policies\Microsoft\Windows\Cur At least Windows 10 Server Windows
HKLM\Software\Microsoft\Windows\CurrentVersion\
At least Windows Server 2012 Windo
HKCU\Software\Microsoft\Windows\CurrentVersion\
HKLM\Software\Microsoft\Windows\CurrentVersion
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows Server 2012 R2 Wi
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2012 R2 Wi
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows 10 Server Windows
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows XP Professional wit
At least Windows XP Professional wit
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows Vista
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows 2000
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows NT\Cu At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Biometrics!EAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\Cr At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\CAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Biometrics\CAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\BITS!Windows XP or Windows Server 2003 o
HKLM\Software\Policies\Microsoft\Windows\BI At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\BIT Windows XP SP2 or Windows Server 20
HKLM\Software\Policies\Microsoft\Windows\BIT Windows 7 or computers with BITS 3.5
HKLM\Software\Policies\Microsoft\Windows\BITS Windows 7 or computers with BITS 3.5
HKLM\Software\Policies\Microsoft\Windows\BITS At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\BIT At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\BITS!At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\BITS\Windows 8 or Windows Server 2012 or
HKLM\Software\Policies\Microsoft\Windows\BITS Windows 7 or computers with BITS 3.5
HKLM\Software\Policies\Microsoft\SQMClient!C At least Windows Vista
HKLM\Software\Policies\Microsoft\SQMClient\Wi At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\CryptographyAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\CryptographAt least Windows Server Technical P
HKCU\Software\Policies\Microsoft\Windows\Ap At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Ap At least Windows 2000
HKCU\Software\Policies\Microsoft\Conferencing! at least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing at least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencin at least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing!Pat least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencin at least Windows NetMeeting v3.0
HKLM\Software\Policies\Microsoft\Conferencing at least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing!Uat least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing!Nat least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing!Nat least Windows NetMeeting v3.0
HKCU\Software\Policies\Microsoft\Conferencing!Ca
at least Windows NetMeeting v3.0
HKCU\Software\Microsoft\Windows\CurrentVersion At least Windows 2000
HKCU\Software\Microsoft\Windows\CurrentVersion At least Windows Server 2003 operat
HKCU\Software\Microsoft\Windows\CurrentVersi At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\ContAt least Windows 2000 Service Pack 1
HKCU\Software\Policies\Microsoft\Windows\ContrAt least Windows 2000 Service Pack 1
HKCU\Software\Policies\Microsoft\Windows\Per At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Pers At least Windows Server 2008 R2 or
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows Serve
HKCU\Software\Microsoft\Windows\CurrentVersi At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\PersoAt least Windows Server 2008 R2 or
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Pers At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Pers At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Pers At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\PersoWindows Server 2012 R2 Windows 8.1
HKLM\Software\Policies\Microsoft\Windows\PersoAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Per At least Windows Server 2012 Windo
HKLM\Software\Microsoft\Windows\CurrentVersionAt least Windows Vista
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\CredeAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Cre At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\CredeAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\CredAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\CredeAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\CredAt least Windows Server 2012 Window
HKCU\Software\Policies\Microsoft\Windows\CredAt least Windows Server 2012 Window
HKCU\Software\Microsoft\Windows\CurrentVersionAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\DataAt least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\PreviAt least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows XP Professional wit
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeAt least Windows 10 or Windows 10
HKLM\SOFTWARE\Policies\Microsoft\Windows\DelAt least Windows 10 or Windows 10
HKCU\Software\Policies\Microsoft\Windows\Direct
At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\DirecWindows 2000 only
HKCU\Software\Policies\Microsoft\Windows\DirecAt least Windows 2000
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2003 and Windows X
HKCU\Software\Microsoft\Windows\CurrentVers At least Windows Server 2003 operat
HKCU\Software\Microsoft\Windows\CurrentVers Windows Server 2003 Windows XP an
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows 2000 Service Pack 3
HKCU\Software\Microsoft\Windows\CurrentVers At least Windows Server 2003 operat
HKCU\Software\Microsoft\Windows\CurrentVersionAt least Windows Server 2003 operat
HKLM\System\CurrentControlSet\Policies\MicrosofAt least Windows Server 2012 Windo
HKLM\System\CurrentControlSet\Policies\MicrosofAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Dev At least Windows 10 Server Windows
HKLM\SOFTWARE\Policies\Microsoft\Windows\Dev At least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\Device
At least Windows Vista
At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\DevicAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\DevicWindows Server 2008 Windows 7 and
HKLM\Software\Policies\Microsoft\Windows\DevicAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Driver
HKCU\Software\Policies\Microsoft\Windows NT\DrWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\DeviAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\DeviAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Driv Windows Server 2008 Windows Serve
HKCU\Software\Policies\Microsoft\Windows\Dri Windows Server 2008 Windows Serve
HKLM\Software\Policies\Microsoft\Windows\Dri Windows Server 2008 Windows Serve
HKLM\Software\Policies\Microsoft\Windows\Driv At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\DriveAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\DeAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\System\DFSCl At least Windows Server 2003 operat
HKCU\SOFTWARE\Policies\Microsoft\Windows\Digi At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Digi At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\WD Windows Server 2008 with Desk
HKLM\SOFTWARE\Policies\Microsoft\Windows\WD Windows Server 2008 with Desk
HKLM\Software\Policies\Microsoft\Windows\Nv At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Nv At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\NvC At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\NvC At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\DAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Sy Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT Windows XP Professional only
HKLM\Software\Policies\Microsoft\Windows NT\ Windows XP Professional only
HKLM\Software\Policies\Microsoft\System\DNSCliAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\DAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\DNAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\DNWindows XP Professional only
HKLM\Software\Policies\Microsoft\Windows NT\DAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\DAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT\DAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\Windows\D At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\D At least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows\DW Windows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\Windows\DW Windows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\Windows\DW At least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\Windows\DW At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\DW At least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows\DW At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\DW At least Windows Vista
HKCU\software\policies\microsoft\ime\shared!mi At least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\imejp!Sav At least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\imejp!UseHAt least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\shared!O At least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\shared!SeaAt least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\shared!UseAt least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\imejp!Co At least Windows Server 2012 Windo
HKCU\software\policies\microsoft\ime\imejp!Sh At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\InputMethod\SAt least Windows Server 2012 R2 Wi
HKLM\System\CurrentControlSet\Policies\EarlyLa At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\EdgeAt least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\EdgeAt least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\EdgeAt least Windows Server 2012 R2 Wi
HKCU\Software\Policies\Microsoft\Windows\EdgeAt least Windows Server 2012 R2 Wi
HKCU\Software\Policies\Microsoft\Windows\E At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\EdgeU At least Windows Server 2012 R2 Wi
HKCU\Software\Policies\Microsoft\Windows\EdgeU At least Windows Server 2012 R2 Wi
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Enh At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Enh At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\EnhaAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Enhan At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\PCHealth\Er Windows Server 2003 and Windows X
HKLM\Software\Policies\Microsoft\PCHealth\Err Windows Server 2003 and Windows X
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2008 R2 or
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\PCHealth\Erro Windows Server 2003 and Windows X
HKLM\Software\Policies\Microsoft\PCHealth\ErrorWindows Server 2003 and Windows X
HKCU\Software\Policies\Microsoft\Windows\Windo At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\WindAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows\WiAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Eve At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\EvenAt least Windows Vista
HKLM\System\CurrentControlSet\Services\EventL At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\EventAt least Windows Vista
HKLM\System\CurrentControlSet\Services\EventL At least Windows Vista
HKLM\System\CurrentControlSet\Services\Event At least Windows Vista
HKLM\System\CurrentControlSet\Services\Event At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\EvenAt least Windows Server Technical P
HKLM\Software\Policies\Microsoft\EventViewer!MAt least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\EventViewer At least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\EventViewer!MAt least Windows XP Professional wit
HKCU\Software\Microsoft\Windows\CurrentVersion At least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersion At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Exp At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2008 R2 or
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows 10 or Windows 10
HKLM\Software\Policies\Microsoft\Windows\ExploUnknown
HKLM\Software\Policies\Microsoft\PortableOperaAt least Windows Server 2012 Windo
HKLM\System\CurrentControlSet\Policies\MicrosoAt least Windows Server 2012 Windo
HKLM\System\CurrentControlSet\Policies\MicrosoAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\FileHAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\WD At least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\FileRAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\fs At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\fssPrAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\File At least Windows Vista
HKLM\System\CurrentControlSet\Policies!NtfsDis At least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies!NtfsDisaAt least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies!NtfsEncrAt least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies!NtfsDi At least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies!DisableDAt least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies!NtfsEna At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\SysteAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Net At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\Ne At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\G At least Windows 10 or Windows 10
HKLM\Software\Policies\Microsoft\Windows\G At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Game At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\G At least Windows Vista
HKCU\Software\Policies\Microsoft\Control Panel\ At least Windows Vista
HKLM\Software\Policies\Microsoft\Control Panel\ At least Windows Vista
HKLM\Software\Policies\Microsoft\Control Panel\ At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Control Panel\IAt least Windows Vista
HKLM\Software\Policies\Microsoft\Control Panel\IAt least Windows Vista
HKCU\Software\Policies\Microsoft\Control Panel At least Windows Vista
HKLM\Software\Policies\Microsoft\Control Panel At least Windows Vista
HKLM\Software\Policies\Microsoft\MUI\Settings! At least Windows Vista
HKCU\Software\Policies\Microsoft\Control Panel At least Windows Vista
HKLM\Software\Policies\Microsoft\MUI\Settings! At least Windows Vista
HKCU\Software\Policies\Microsoft\Control Panel At least Windows 2000
HKLM\Software\Policies\Microsoft\Control Panel At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\InputPersonali At least Windows Server Technical P
HKCU\Software\Policies\Microsoft\Control Panel\ At least Windows 2000
HKCU\SOFTWARE\Policies\Microsoft\InputPersonali At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\InputPersonali At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2008
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Sy At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows\Gro At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Gr At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Gr At least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\GrouWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\Sy At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\Group At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\Group At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\Syst At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Syst At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\Syst At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\GrouAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\GrouAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\GrouWindows Server 2003 and Windows X
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Gro At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Gr At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{6A7120At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{0DA27 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{17C62 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{1612b55At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{1b767e At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{2EA1A8At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{35141B At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{3BAE7EAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{3EC4E At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{3BFAE At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{516FC6 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{79F926 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{949FB8 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{BFCBBEAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{9AD2B At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{A8C42 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{B9CCA At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{BEE07AAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{CAB54 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{CC5746 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{CEFFA6 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{CF848DAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{12753 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{45B01F At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Syst At least Internet Explorer 6 Service Pa
HKCU\Software\Policies\Microsoft\Windows\Syst At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Assistance\Cli At least Windows Vista
HKCU\Software\Policies\Microsoft\Assistance\Cli At least Windows Vista
HKCU\Software\Policies\Microsoft\Assistance\Cli At least Windows Vista
HKCU\Software\Policies\Microsoft\Assistance\ClieAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\HotsAt least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\InternetMana At least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\InternetMana At least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\SystemCertifi At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows NT\PrAt least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows NT\ At least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\Windows\Dri Windows Server 2008 Windows Serve
HKLM\Software\Policies\Microsoft\EventViewer!MAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\PCHealth\HelpAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\PCHealth\HelpAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Inte At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\RegisAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\PCHealth\Err At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\SearchCompanAt least Windows Server 2003 operat
HKLM\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows Serve
HKCU\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2012 Windo
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Messenger\Cli At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Messenger\Cli At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\SQMClient\Wi At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\NetwAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\IIS Windows Server 2003 only
HKCU\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 5.0
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 10.0 on Wi
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 10.0 on Wi
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 11.0
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 11.0
HKLM\Software\Policies\Microsoft\Internet At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 8.0
HKLM\Software\Policies\Microsoft\Internet ExplorAt least Internet Explorer 10.0
HKCU\Software\Policies\Microsoft\Internet ExplorAt least Internet Explorer 10.0
HKLM\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 10.0
HKLM\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 8.0
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 8.0
HKLM\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 8.0
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 8.0
HKLM\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 11.0 on Wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curr At least Internet Explorer 11.0 on Wi
HKLM\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 8.0
HKLM\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Internet Expl Only Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Internet Expl Only Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Internet Expl At least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 6.0 in Win
HKLM\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 6.0 in Win
HKCU\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 6.0 in Win
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurAt least Internet Explorer 7.0
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurOnly Internet Explorer 4.0
HKCU\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 5.0 through In
HKCU\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 11.0
HKCU\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 5.0 and Interne
HKCU\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 5.0 and Interne
HKCU\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 7.0
HKLM\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 7.0
HKLM\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Internet Conn At least Internet Explorer 7.0. Not
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Internet Explorer 8.0
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Internet Explorer 8.0
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Internet Explorer 6.0 in Wi
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Internet Explorer 6.0 in Wi
HKLM\Software\Microsoft\Windows\CurrentVersion\At least Internet Explorer 6.0 in Wi
HKCU\Software\Microsoft\Windows\CurrentVersion\At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet E At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet E At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet Ex At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Ex At least Internet Explorer 6.0 in Wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\Curre At least Internet Explorer 6.0 in Wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curre At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Internet Explore
At least Internet Explorer 7.0
HKLM\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Internet Expl Only Internet Explorer 7.0 and Interne
HKLM\Software\Policies\Microsoft\Internet ExplorAt least Internet Explorer 10.0 on Wi
HKCU\Software\Policies\Microsoft\Internet ExplorAt least Internet Explorer 10.0 on Wi
HKCU\Software\Policies\Microsoft\Windows\CurreOnly Internet Explorer 5.0 and Interne
HKCU\Software\Policies\Microsoft\Internet Expl Only Internet Explorer 6.0
HKLM\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 7.0 and Interne
HKLM\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 8.0
HKCU\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 8.0
HKLM\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 5.0 and Interne
HKLM\Software\Policies\Microsoft\Internet Expl Internet Explorer 7.0 to Internet Expl
HKCU\Software\Policies\Microsoft\Internet Expl Internet Explorer 7.0 to Internet Expl
HKLM\Software\Policies\Microsoft\Internet Ex At least Internet Explorer 7.0
HKCU\Software\Policies\Microsoft\Internet Ex At least Internet Explorer 7.0
HKLM\Software\Policies\Microsoft\Internet Explo Only Internet Explorer 5.0 and Interne
HKCU\Software\Microsoft\Outlook Express!Block Only Internet Explorer 6.0
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 5.0. Not
HKCU\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 5.0 through In
HKCU\Software\Policies\Microsoft\Internet Explo At least Internet Explorer 5.0. Not
Only Internet Explorer 5.0 and Interne
HKLM\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 5.0 through In
HKCU\Software\Policies\Microsoft\Internet ExplorOnly Internet Explorer 5.0 through In
HKLM\Software\Policies\Microsoft\Windows\Curren At least Internet Explorer 5.0
HKLM\Software\Microsoft\Windows\CurrentVersi Only Internet Explorer 5.0 and Interne
HKLM\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 7.0. Not
HKCU\Software\Policies\Microsoft\Internet Exp At least Internet Explorer 7.0. Not
HKLM\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 7.0 in Wind
HKCU\Software\Policies\Microsoft\Windows\CurreAt least Internet Explorer 7.0 in Wind
HKLM\Software\Policies\Microsoft\Windows\CurreOnly Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Windows\CurreOnly Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 7.0 in Wind
HKCU\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 7.0 in Wind
HKLM\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Windows\Curr At least Internet Explorer 6.0 in Wi
HKLM\Software\Policies\Microsoft\Windows\Curr Only Internet Explorer 6.0 in Window
HKCU\Software\Policies\Microsoft\Windows\Curr Only Internet Explorer 6.0 in Window
HKLM\Software\Policies\Microsoft\Windows\Curren
At least Internet Explorer 6.0 in Wi
HKCU\Software\Policies\Microsoft\Windows\Curren
HKCU\SOFTWARE\Policies\Microsoft\Internet ExplAt least Internet Explorer 7.0
HKLM\Software\Policies\Microsoft\Internet E At least Internet Explorer 10.0
HKCU\Software\Policies\Microsoft\Internet E At least Internet Explorer 10.0
HKCU\Software\Policies\Microsoft\IEAK!NoAutomAt least Internet Explorer 7.0
HKCU\Software\Microsoft\Windows\CurrentVersioOnly Internet Explorer 5.0 and Interne
HKLM\Software\Policies\Microsoft\Windows\AxInst At least Internet Explorer 8.0
HKCU\Software\Policies\Microsoft\Windows\AxInst At least Internet Explorer 8.0
HKCU\Software\Policies\Microsoft\Internet Explorer
HKLM\Software\Policies\Microsoft\Internet Explorer
HKCU\Software\Policies\Microsoft\Internet Explorer
HKLM\Software\Policies\Microsoft\Internet Explore
HKLM\Software\Policies\Microsoft\Internet Explo Internet Explorer 8.0 to Internet Expl
HKCU\Software\Policies\Microsoft\Internet Explo Internet Explorer 8.0 to Internet Expl
HKLM\Software\Policies\Microsoft\Internet Exp Internet Explorer 8.0 to Internet Expl
HKCU\Software\Policies\Microsoft\Internet Exp Internet Explorer 8.0 to Internet Expl
HKLM\Software\Microsoft\Internet Explorer\WMI At least Internet Explorer 8.0
HKCU\Software\Microsoft\Internet Explorer\WMITAt least Internet Explorer 8.0
HKLM\Software\Microsoft\Internet Explorer\WM At least Internet Explorer 8.0
HKCU\Software\Microsoft\Internet Explorer\WM At least Internet Explorer 8.0
HKCU\Software\Microsoft\Internet Explorer\WMI At least Internet Explorer 8.0
HKCU\Software\Microsoft\Internet Explorer\WMI At least Internet Explorer 8.0
HKCU\Software\Policies\Microsoft\Windows\HandAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\HandAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\iSCSIAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\iSC At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\iSCSI!At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\iSCS At least Windows Vista
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2008 R2 or
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows Server 2012 Windo
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Netlogon\Pa At least Windows Server 2012 Windo
HKLM\System\CurrentControlSet\Control\Lsa\Ke At least Windows Server 2003 operat
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows Server Technical P
HKLM\Software\Policies\Microsoft\Windows\LanmAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Lan At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\LanmAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Lan At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Lan At least Windows Server 2012 R2 Wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\LLT At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\LLT At least Windows Vista
HKLM\Software\Microsoft\Windows\CurrentVersi Windows Server 2003 and versions o
HKLM\Software\Microsoft\Windows\CurrentVersi Windows 2000 only
HKLM\Software\Policies\Microsoft\Windows NT\CAt least Windows Server 2003 operat
HKLM\Software\Microsoft\Windows\CurrentVersioWindows Server 2003 Windows XP an
HKCU\Software\Microsoft\Windows\CurrentVersi Windows 2000 only
HKLM\Software\Microsoft\Windows\CurrentVersioWindows operating systems from Wi
HKLM\Software\Policies\Microsoft\Windows\Sy Windows Server 2008 R2 and Window
HKLM\Software\Policies\Microsoft\Windows\Sy At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\WindowsMedi At least Windows Vista
HKLM\Software\Policies\Microsoft\WindowsMedi At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\LocaWindows Server 2012 Windows 8 Win
HKLM\Software\Policies\Microsoft\MicrosoftEdge\Only Microsoft Edge 1.0
HKCU\Software\Policies\Microsoft\MicrosoftEdge\Only Microsoft Edge 1.0
HKLM\Software\Policies\Microsoft\MicrosoftEdg Only Microsoft Edge 1.0
HKCU\Software\Policies\Microsoft\MicrosoftEdg Only Microsoft Edge 1.0
HKLM\Software\Policies\Microsoft\MicrosoftEdge Only Microsoft Edge 1.0
HKCU\Software\Policies\Microsoft\MicrosoftEdge Only Microsoft Edge 1.0
HKLM\Software\Policies\Microsoft\MicrosoftEdge Only Microsoft Edge 1.0
HKCU\Software\Policies\Microsoft\MicrosoftEdge Only Microsoft Edge 1.0
HKCU\Software\Policies\Microsoft\MMC!Restric At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC!Restrict At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{B7084 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{C96401 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{C96401 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{1AA7F At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{1F5EE At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{3F276E At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{C2FE4 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{9EC889 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{900872 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{634BDEAt least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{394C0 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{b05 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{2E19B6 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{6E8E0 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{6d88At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{34AB8EAt least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{B52C1 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{5880CDAt least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{243E2 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{DAB1A At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{B1AFF At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{BD95B At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{03f1f94At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{7AF60 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{0F362 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{E12BB At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{8FC0B7 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{D70A2 Windows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\MMC\{6DC38 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{0F6B95 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{0F6B95 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{FC7158 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{DEA8A At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{0E752 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\FX:{a1b At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{40B666 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{40B666 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{942A8E At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{BACF5 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{06993 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{2DA6A At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{B6F9C At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{B6F9C At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{c40d66aAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{d52492 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{40B666 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{40B666 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{fe8831 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{7E4554 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{1BC97 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{EBC53 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{D967F At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{E355E5 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{1C5DA At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{de75156At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{53D6A At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{A994E1 At least Windows Server 2003
HKCU\Software\Policies\Microsoft\MMC\{C9BC9 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{74246bfAt least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{677A2 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{43668E At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{8EAD3 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{b05 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\FX:{D27 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{753ED At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{FF5903 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\FX:{89c At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{8F8F8D Windows Server 2003 only
HKCU\Software\Policies\Microsoft\MMC\{A841B At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{95AD7 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{DEA8A At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{5D617 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{a1b At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{18BA7 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{6630At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{7478E At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{FD57D At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{3D5D0 At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\MMC\{1AA7F At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{3CB69 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{011BE2 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{5ADF5BAt least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{18eaAt least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{45ac8c At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{E26D0 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{B91B60At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{7d3 At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\FX:{b055At least Windows Vista
HKCU\Software\Policies\Microsoft\MMC\{23DC5 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{5C6592 At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\{9FE24B At least Windows Server 2008
HKCU\Software\Policies\Microsoft\MMC\{C11D2FAt least Windows Server 2008
HKCU\Software\Policies\Microsoft\MMC\FX:{317cAt least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{317cAt least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\{dbfca50At least Windows 2000
HKCU\Software\Policies\Microsoft\MMC\FX:{813 At least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{f9f6 At least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{671 At least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{f78f At least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{f8ab At least Windows Server 2003 R2
HKCU\Software\Policies\Microsoft\MMC\FX:{f8ab At least Windows Server 2003 R2
HKCU\Software\Microsoft\Windows\CurrentVersionAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\TaskAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Tas At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Tas At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\WAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Scri At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Inst At least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\InstalAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\InstalAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\InstaWindows Installer v4.0
HKLM\Software\Policies\Microsoft\Windows\InstaAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\InstalWindows Installer v3.0
HKCU\Software\Policies\Microsoft\Windows\InstaAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\InstalAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\InstalWindows Installer v3.0
HKLM\Software\Policies\Microsoft\Windows\InstaAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Install
Microsoft Windows XP or Windows 20
HKLM\Software\Policies\Microsoft\Windows\Inst Windows Installer v3.0
HKCU\Software\Policies\Microsoft\Windows\InstaAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Inst Unknown
HKLM\Software\Policies\Microsoft\Windows\Inst Unknown
HKLM\SOFTWARE\Policies\Microsoft\Windows\Net At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\N At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\NetwAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Netwo At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Netwo At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Netlogon\Pa At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Netlogon\Par At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Netlogon\Par At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Server 2012 R2 or
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Vista
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Vista
HKLM\Software\Policies\Microsoft\Netlogon\Par At least Windows Vista
HKLM\Software\Policies\Microsoft\Netlogon\Para At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Netlogon\Par At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Netlogon\Pa At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\Ne Microsoft Windows Server 2003 Wind
HKCU\Software\Policies\Microsoft\Windows\Net Microsoft Windows Server 2003 Wind
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\NetwWindows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\Windows\Net At least Windows 2000 Service Pack 1
HKCU\Software\Policies\Microsoft\Windows\NetwAt least Windows 2000 Service Pack 1
HKCU\Software\Policies\Microsoft\Windows\Net Windows Server 2003 and Windows X
HKCU\Software\Policies\Microsoft\Windows\NetwMicrosoft Windows XP Professional w
HKCU\Software\Policies\Microsoft\Windows\Net Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\NetwWindows Server 2003 and Windows X
HKCU\Software\Policies\Microsoft\Windows\Ne Microsoft Windows Server 2003 Wind
HKCU\Software\Policies\Microsoft\Windows\Ne Windows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\Windows\Ne At least Windows 2000 Service Pack 1
HKLM\Software\Policies\Microsoft\Windows\Net Microsoft Windows Server 2003 Wind
HKCU\Software\Policies\Microsoft\Windows\Netwo Microsoft Windows Server 2003 Wind
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\TCPIP At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\Net At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\NeAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Netw At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Net Windows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\Windows\NetCAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\NetCWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\NetCWindows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\Windows\NetCAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Net Windows XP Professional only
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\NetCAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Net At least Windows Server 2012 Windo
HKLM\Software\policies\Microsoft\Peernet!DisablAt least Windows XP Professional wit
HKLM\Software\policies\Microsoft\Peernet\Pnrp\IAt least Windows XP Professional wit
HKLM\Software\policies\Microsoft\Peernet\Pnrp\ At least Windows XP Professional wit
HKLM\Software\policies\Microsoft\Peernet!Ign At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\PassportFor At least Windows 10 Server or Windo
HKLM\SOFTWARE\Policies\Microsoft\PassportForW At least Windows 10 Server or Windo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersi At least Windows 10 Server or Windo
HKLM\SOFTWARE\Policies\Microsoft\PassportFo At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportFo At least Windows 10 Server or Windo
HKLM\SOFTWARE\Policies\Microsoft\PassportFo At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportFo At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportFor At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportFor At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportForW At least Windows 10 Server or Windo
HKCU\SOFTWARE\Policies\Microsoft\PassportForW At least Windows 10 Server or Windo
HKLM\Software\Policies\Microsoft\Windows\App At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\SerAt least Windows 7 or Windows Serv
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CacAt least Windows 7 or Windows Serv
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Ho At least Windows 7 or Windows Serv
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\CooAt least Windows 7 or Windows Serv
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Ho At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\Serv At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\HosAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\PeerDist\RetAt least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\PenTraining!Windows Vista only
HKLM\SOFTWARE\Policies\Microsoft\PenTraining!Windows Vista only
HKLM\Software\Policies\Microsoft\Power\Power At least Windows Vista
HKLM\Software\Policies\Microsoft\Power\PowerSAt least Windows Vista
HKLM\Software\Policies\Microsoft\Power\Power Windows Vista only
HKLM\Software\Policies\Microsoft\Power\Power Windows Vista only
HKCU\Software\Policies\Microsoft\Windows\Sy Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT! At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Power\PowerSAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Power\Power At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Power At least Microsoft Windows 7 or Win
HKCU\Software\Policies\Microsoft\Windows\Power At least Microsoft Windows 7 or Win
HKLM\Software\Policies\Microsoft\Windows\Pow At least Microsoft Windows 7 or Win
HKCU\Software\Policies\Microsoft\Windows\Pow At least Microsoft Windows 7 or Win
HKLM\Software\Policies\Microsoft\Windows\Pow At least Microsoft Windows 7 or Win
HKCU\Software\Policies\Microsoft\Windows\PoweAt least Microsoft Windows 7 or Win
HKCU\Software\Policies\Microsoft\PreviousVersi Supported Windows Vista through W
HKLM\Software\Policies\Microsoft\PreviousVersi Supported Windows Vista through W
HKCU\Software\Policies\Microsoft\PreviousVersio Supported Windows Vista through W
HKLM\Software\Policies\Microsoft\PreviousVersioSupported Windows Vista through W
HKCU\Software\Policies\Microsoft\PreviousVersio Supported Windows Vista through W
HKLM\Software\Policies\Microsoft\PreviousVersioSupported Windows Vista through W
HKCU\Software\Policies\Microsoft\PreviousVersi At least Windows Vista
HKLM\Software\Policies\Microsoft\PreviousVersi At least Windows Vista
HKCU\Software\Policies\Microsoft\PreviousVersi At least Windows Vista
HKLM\Software\Policies\Microsoft\PreviousVersi At least Windows Vista
HKCU\Software\Policies\Microsoft\PreviousVersi Supported Windows Vista through W
HKLM\Software\Policies\Microsoft\PreviousVersi Supported Windows Vista through W
HKLM\Software\Policies\Microsoft\Windows NT\PrWindows 2000 only
HKLM\Software\Policies\Microsoft\Windows NT\Pri At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT\PrWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\PAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows NT\PAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows NT\PrWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\PWindows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\Windows NT\PWindows Server 2008 and Windows V
HKCU\Software\Policies\Microsoft\Windows NT\PrWindows Server 2008 and Windows V
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows NT\PrSupported Windows XP SP1 through
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows NT\PrAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT\Pri
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows NT At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT\PAt least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows NT\PrWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\PAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows NT\PrAt least Windows Server 2003 operat
HKCU\Software\Microsoft\Windows\CurrentVersi At least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Vista only
HKLM\Software\Policies\Microsoft\Windows\PschAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Psc At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\PscheAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\PscheAt least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows\RelAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiWindows Server 2008 R2 and Window
HKLM\Software\Policies\Microsoft\Windows NT\Re At least Windows Server 2003
HKLM\Software\Policies\Microsoft\PCHealth\Erro Windows Server 2003 only
HKLM\Software\Policies\Microsoft\Windows NT\Re Windows Server 2003 only
HKLM\Software\Policies\Microsoft\Windows NT\RAt least Windows Server 2003 operat
HKLM\Software\policies\Microsoft\Windows NT\Te At least Windows Vista
HKLM\Software\policies\Microsoft\Windows NT\Te At least Windows Vista
HKLM\Software\policies\Microsoft\Windows NT\TAt least Windows Vista
HKLM\Software\policies\Microsoft\Windows NT\TAt least Windows Vista
HKLM\Software\policies\Microsoft\Windows NT\Te At least Windows Server 2003 operat
HKLM\Software\policies\Microsoft\Windows NT\Te At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\Rem At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\RemAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\RemAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Re At least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\RemoAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Re At least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Re At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows NT\RAt least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\Windows NT\Rp
At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows NT At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\RAt least Windows XP Professional wit
HKLM\Software\Microsoft\Windows\CurrentVersi At least Windows 2000
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScrAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\Sch At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\WAny version of Microsoft Windows wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\W Any version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Microsoft Windows Vista or any vers
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Any version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiAny version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows XP Windows Server
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win Any version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows 8 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows 8.1 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WMicrosoft Windows 8.1 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WMicrosoft Windows 8.1. Not supporte
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows 8.1. Not supporte
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows 8.1. Not supporte
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Microsoft Windows XP or Windows Ser
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows Vista or any vers
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Microsoft Windows Vista or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Any version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows XP or Windows Ser
HKLM\SOFTWARE\Policies\Microsoft\Windows\WMicrosoft Windows XP Windows Serve
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Microsoft Windows XP Windows Server
HKCU\SOFTWARE\Policies\Microsoft\Windows\Win Any version of Microsoft Windows wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\WiAny version of Microsoft Windows wi
HKCU\SOFTWARE\Policies\Microsoft\Windows\WiAny version of Microsoft Windows wi
HKLM\SOFTWARE\Policies\Microsoft\Windows\Win Microsoft Windows XP Windows Server
HKCU\SOFTWARE\Policies\Microsoft\Windows\Expl Microsoft Windows 8 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiAt least Windows Server Technical P
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiAt least Windows Server Technical P
HKLM\SOFTWARE\Policies\Microsoft\Windows\WiMicrosoft Windows 7 or later
HKLM\SOFTWARE\Policies\Microsoft\Windows\WMicrosoft Windows 7 or later
HKLM\Software\Policies\Microsoft\Windows NT\SeAt least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\Loca At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\LocaAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Loca At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\LocaAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\LocatAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\LocatAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Se At least Windows Server 2008
HKLM\Software\Policies\Microsoft\Windows\Serv At least Windows Server 2008
HKLM\Software\Policies\Microsoft\Windows\Serv Windows Server 2008 and Windows Se
HKLM\Software\Policies\Microsoft\Windows NT\ At least Windows Server 2003
HKLM\Software\Policies\Microsoft\Windows\SettiAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Sett At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Sett At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\SettiAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows NT\SAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows NT\SAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Tabl At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Tabl At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows NT\S At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows NT\S At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Ho At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Sys At least Windows 2000
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Vista only
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows 7 and
HKLM\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows 7 and
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Server 2008 Windows 7 and
HKLM\Software\Microsoft\Windows\CurrentVersi Windows Server 2008 Windows 7 and
HKLM\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows 7 and
HKLM\Software\Policies\Microsoft\Windows\OneDAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\Sma At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Smar At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\CeAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Cer At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Cert At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\Smar At least Windows Vista Service Pack 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\SmAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\ScP At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows\Sma At least Windows Server 2008 R2 or
HKLM\Software\Policies\SNMP\Parameters\Valid At least Windows Server 2003 operat
HKLM\Software\Policies\SNMP\Parameters\PermiAt least Windows Server 2003 operat
HKLM\Software\Policies\SNMP\Parameters\TrapCo At least Windows Server 2003 operat
HKCU\SOFTWARE\Policies\Microsoft\SoundRecordAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\SoundRecor At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\FCI!CAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\ADAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows\Exp At least Windows Server 2012 Windo
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows 7 Win
HKCU\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Expl Windows Server 2008 R2 and Window
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 and Windows V
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2008 Windows Serv
HKCU\Software\Microsoft\Windows\CurrentVersionWindows Server 2008 Windows Serv
HKCU\Software\Policies\Microsoft\Windows\ExploAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Expl Windows Server 2012 R2 Windows 8.1
HKCU\Software\Policies\Microsoft\Windows\Expl Windows Server 2012 R2 Windows 8.1
HKLM\Software\Policies\Microsoft\Windows\ExploAt least Windows 10 Server Windows
HKCU\Software\Policies\Microsoft\Windows\ExploAt least Windows 10 Server Windows
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Server 2008 Windows Serv
HKCU\Software\Microsoft\Windows\CurrentVersi At least Windows Server 2003 operat
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2012 R2 Windows 8
HKCU\Software\Microsoft\Windows\CurrentVersionWindows Server 2012 R2 Windows 8
HKCU\Software\Microsoft\Windows\CurrentVersioWindows Server 2012 R2 Windows 8.
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Server 2008 Windows Serve
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Server 2003 and Windows X
HKCU\Software\Microsoft\Windows\CurrentVersi At least Windows 2000 through Wind
HKCU\Software\Policies\Microsoft\Windows\Exp Windows Server 2008 R2 and Window
HKCU\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\Exp Windows Server 2012 R2 Windows 8.1
HKCU\Software\Policies\Microsoft\Windows\Exp Windows Server 2012 R2 Windows 8.1
HKLM\Software\Policies\Microsoft\Windows NT\SAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows NT\SAt least Windows Server 2008 R2 or
HKCU\software\policies\microsoft\TabletTip\1.7!DWindows Server 2008 Windows 7 and
HKLM\software\policies\microsoft\TabletTip\1.7! Windows Server 2008 Windows 7 and
HKCU\software\policies\microsoft\TabletTip\1.7! Windows Server 2008 Windows 7 and
HKCU\software\policies\microsoft\TabletTip\1.7! At least Windows Vista
HKLM\software\policies\microsoft\TabletTip\1.7! At least Windows Vista
HKCU\software\policies\microsoft\TabletTip\1.7! At least Windows Vista
HKLM\software\policies\microsoft\TabletTip\1.7! At least Windows Vista
HKCU\software\policies\microsoft\TabletTip\1.7! Windows Vista only
HKLM\software\policies\microsoft\TabletTip\1.7! Windows Vista only
HKCU\software\policies\microsoft\TabletTip\1.7!DAt least Windows Server 2008 R2 or
HKLM\software\policies\microsoft\TabletTip\1.7!DAt least Windows Server 2008 R2 or
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisaWindows Vista only
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Disa Windows Vista only
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!DisAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!DisAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!Tu Windows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Tu Windows Server 2008 Windows 7 and
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!Pr At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Pr At least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!Pr At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Pr At least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!TurAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PreWindows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreWindows Server 2008 Windows 7 and
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!PrevWindows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!PreWindows Server 2008 Windows 7 and
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\ExploAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\ExploAt least Windows Server Technical P
HKCU\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2012 R2 Wi
HKCU\Software\Policies\Microsoft\Windows\Explor
At least Windows Server Technical P
HKCU\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2012 R2 Wi
HKCU\Software\Policies\Microsoft\Windows\Task Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\TaskWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\TCPIAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\TCP At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\TCPIPAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\TCP At least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Services\Tcpip\ At least Windows Vista Service Pack 1
HKLM\System\CurrentControlSet\Services\Tcpip\PAt least Windows Server 2008 R2 or
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2008
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2008
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2008
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2008
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows Server 2008 R2 only
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2008
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TeAt least Windows Server 2008
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\TeAt least Windows Server 2008
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2008 R2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2008 R2
HKLM\SOFTWARE\Policies\Microsoft\Windows\SeAt least Windows Server 2008 R2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2008 R2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT At least Windows Server Technical Pr
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows 7 with Service Pack 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T Windows 7 with Service Pack 1
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows Server 2008 Windows Serve
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows NTAt least Windows Server 2003 operat
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Te
At least Windows XP and Windows Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003 with Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003 with Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2003 with Se
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows 2000 Terminal Servi
HKLM\Software\Microsoft\Windows\CurrentVersioAt least Windows 2000 Terminal Servi
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows 8 Enterprise or Wi
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Windows Server 2008 R2 Windows Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows Server 2008 R2 Windows Se
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2003 with Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NTAt least Windows Server 2003
HKLM\SOFTWARE\Policies\Microsoft\Windows NTAt least Windows Server 2003 with Se
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2008 R2
HKLM\Software\Policies\Microsoft\Windows NT\Te
HKLM\Software\Policies\Microsoft\Windows NT\Te
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003 operat
At least Windows Server 2008 or Win
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\Te
At least Windows Server 2008 or Win
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Vista
Windows Server 2003 with Service Pa
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\TAt least Windows Server 2003 Enterpr
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2003 Enterpr
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Vista with Service P
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Vista with Service P
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Vista with Service P
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Vista with Service P
HKCU\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Vista with Service P
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows NTAt least Windows Server 2012 R2 or
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T Windows 7 or Windows Server 2008 R2
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows 7 with Service Pack
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T Windows 7 or Windows Server 2008 R2
HKLM\Software\Policies\Microsoft\Windows NT\TWindows 7 or Windows Server 2008 R2
HKCU\SOFTWARE\Policies\Microsoft\Workspaces!At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\T At least Windows 8 or Windows RT
HKLM\Software\Microsoft\Windows\CurrentVersionAt least Windows 10 Server Windows
HKCU\Software\Policies\Microsoft\Windows\Exp Windows Vista Service Pack 1
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!Tu Windows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Tu Windows Server 2008 Windows 7 and
HKCU\SOFTWARE\Policies\Microsoft\TabletPC!TurWindows Server 2008 R2 and Window
HKLM\SOFTWARE\Policies\Microsoft\TabletPC!Tu Windows Server 2008 R2 and Window
HKLM\Software\Policies\Microsoft\TPM!ActiveDi At least Windows Vista
HKLM\Software\Policies\Microsoft\TPM!OSManagAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\Tpm\Block At least Windows Vista
HKLM\Software\Policies\Microsoft\TPM\BlockedCAt least Windows Vista
HKLM\Software\Policies\Microsoft\TPM\BlockedCAt least Windows Vista
HKLM\Software\Policies\Microsoft\Tpm!StandardUAt least Windows Server 2012 Windo
HKCU\Software\Policies\Microsoft\Windows\BackWindows Vista only
HKLM\Software\Policies\Microsoft\Windows\BackWindows Vista only
HKCU\Software\Policies\Microsoft\Windows\BackAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\BackAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\Backu At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Backu At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Windows\SysteAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Syst Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows 2000
HKLM\Software\Policies\Microsoft\Windows\Syst Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows 2000
HKCU\Software\Policies\Microsoft\Windows\Syst At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Sys At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Adver At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Sy At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\FVE!ActiveDir Windows Server 2008 and Windows V
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseRec Windows Server 2008 and Windows V
HKLM\SOFTWARE\Policies\Microsoft\FVE!Default At least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\FVE!Encryp Windows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\FVE!Encrypt At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\FVE!MorBehavWindows Server 2012 R2 Windows 8.
HKLM\Software\Policies\Microsoft\FVE!Recovery At least Windows 10 Server or Windo
HKLM\Software\Policies\Microsoft\FVE!UseEnhan At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!OSPassph At least Windows Server 2012 or Win
HKLM\Software\Policies\Microsoft\FVE!TPMAutoRAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\FVE!DisallowS At least Windows Server 2012 or Win
HKLM\Software\Policies\Microsoft\FVE!IdentificatAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!Certificat At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!OSUseEnha At least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSReco At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSEncryAt least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE!Enable Windows Server 2008 and Windows V
HKLM\SOFTWARE\Policies\Microsoft\FVE!UseAd At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSMan At least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE\PlatformWindows Server 2008 Windows 7 and
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatf At least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatf At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\FVE!Minimum At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\FVE!OSHardw At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\FVE!OSEnablePAt least Windows Server 2012 or Win
HKLM\Software\Policies\Microsoft\FVE!OSAllowSeAt least Windows Server 2012 Windo
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVRec At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!FDVPassp At least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies\Micros At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!FDVDisc At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!FDVAllow At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVEncrAt least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE!FDVHardAt least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVRecAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!RDVConfi At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!RDVPassp At least Windows Server 2008 R2 or
HKLM\System\CurrentControlSet\Policies\Micros At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!RDVDisc At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\FVE!RDVAllow At least Windows Server 2008 R2 or
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVEncrAt least Windows Server 2012 or Win
HKLM\SOFTWARE\Policies\Microsoft\FVE!RDVHardAt least Windows Server 2012 or Win
HKLM\Software\Policies\Microsoft\W32Time\ConfAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\W32time\Para At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\W32time\TimeAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\W32Time\TimeAt least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Wc At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\WcmAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\WcmAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Wc At least Windows Server 2012 Windo
HKCU\Software\Microsoft\Windows\CurrentVersi Windows Vista only
HKLM\Software\Microsoft\Windows\CurrentVersi Windows Vista only
HKLM\Software\Policies\Microsoft\Windows\Bac At least Windows Server 2008
HKLM\Software\Policies\Microsoft\Windows\Ba At least Windows Server 2008
HKCU\Software\Policies\Microsoft\Windows\WindoAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\WindoAt least Windows Vista
HKCU\Software\Policies\Microsoft\Windows\WCNAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\WCNAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\WCNAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows DefenAt least Windows Server Technical P
HKLM\Software\Policies\Microsoft\Windows DefenAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows Defe At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows Def At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows DefenAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows Defe At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows Def At least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersion\
Windows Server 2008 Windows Serv
HKCU\Software\Microsoft\Windows\CurrentVers At least Windows 2000
HKCU\Software\Microsoft\Windows\CurrentVersi Windows XP Professional only
HKCU\Software\Microsoft\Windows\CurrentVersioAt least Windows Server 2003
HKCU\Software\Microsoft\Windows\CurrentVersionWindows Server 2003 Windows XP an
HKCU\Software\Microsoft\Windows\CurrentVersionAt least Windows XP Professional wit
HKLM\Software\Microsoft\Windows\CurrentVersionAt least Windows XP Professional wit
HKLM\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\CurreAt least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\CurreAt least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Curr At least Windows Server 2008 R2 or
HKCU\Software\Policies\Microsoft\Windows\Curr At least Windows Server 2008 R2 or
HKLM\Software\Policies\Microsoft\Windows\Explor
HKCU\Software\Policies\Microsoft\Windows\Explor
HKLM\Software\Policies\Microsoft\Windows\Expl At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Exp At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\SysteAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows NT\WiWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\WWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\WiWindows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\Windows NT\WWindows Server 2003 Windows XP an
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSAt least Windows XP Professional wit
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirew At least Windows XP Professional wit
HKLM\SOFTWARE\Policies\Microsoft\WindowsFireAt least Windows XP Professional wit
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewaAt least Windows XP Professional wit
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewa At least Windows XP Professional wit
HKCU\SOFTWARE\Policies\Microsoft\Windows MaAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows MaAt least Windows Vista
HKCU\SOFTWARE\Policies\Microsoft\Windows MaiAt least Windows Vista
HKLM\SOFTWARE\Policies\Microsoft\Windows Mai At least Windows Vista
HKLM\Software\Policies\Microsoft\WMDRM!DisabAt least Windows Server 2003
HKLM\Software\Policies\Microsoft\WindowsMedi Windows Media Player 9 Series and la
HKCU\Software\Policies\Microsoft\WindowsMedi Windows Media Player 9 Series and la
HKLM\Software\Policies\Microsoft\WindowsMediaWindows Media Player 11 for Windows
HKCU\Software\Policies\Microsoft\WindowsMediaWindows Media Player 9 Series and la
HKLM\Software\Policies\Microsoft\WindowsMediaWindows Media Player 9 Series and la
HKCU\Software\Policies\Microsoft\WindowsMediaP Windows Server 2003 Windows XP an
HKLM\Software\Policies\Microsoft\WindowsMediaWindows Media Player 9 Series and la
HKCU\Software\Policies\Microsoft\WindowsMedi Windows Media Player for Windows XP
HKCU\Software\Policies\Microsoft\WindowsMed Windows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\WindowsMediaWindows Media Player for Windows XP
HKCU\Software\Policies\Microsoft\WindowsMedi Windows Server 2003 Windows XP an
HKCU\Software\Policies\Microsoft\WindowsMedi Windows Media Player for Windows XP
HKLM\Software\Policies\Microsoft\Messenger\Cl At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Messenger\Cl At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Messenger\Cli At least Windows Server 2003 operat
HKCU\Software\Policies\Microsoft\Messenger\Cli At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\WinRAt least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Win At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows Vista
HKLM\Software\Policies\Microsoft\Windows\W At least Windows Vista
HKCU\Software\Microsoft\Windows\CurrentVersioWindows XP Professional only
HKLM\Software\Policies\Microsoft\Windows\W Windows 7 Windows Server 2008 R2
HKCU\Software\Policies\Microsoft\Windows\W Windows 7 Windows Server 2008 R2
HKCU\Software\Policies\Microsoft\Windows\W Windows 7 Windows Server 2008 R2
HKLM\Software\Policies\Microsoft\Windows\W Windows 7 Windows Server 2008 R2
HKCU\Software\Microsoft\Windows\CurrentVers At least Windows XP Professional Se
HKLM\Software\Policies\Microsoft\Windows\Wi Windows XP Professional Service Pack
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows XP Professional Se
HKLM\Software\Policies\Microsoft\Windows\Win At least Windows XP Professional Se
HKLM\Software\Policies\Microsoft\Windows\W At least Windows Vista through Wind
HKLM\Software\Policies\Microsoft\Windows\Wi Windows Server 2008 Windows 7 and
HKLM\Software\Policies\Microsoft\Windows\W Windows Server 2008 Windows 7 and
HKLM\Software\Policies\Microsoft\Windows\W Windows XP Professional Service Pack
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Wi Windows 7 Windows Server 2008 R2
HKLM\Software\Policies\Microsoft\Windows\Win At least Windows Server 2003 operat
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Wi At least Windows 10 Server Windows
HKLM\Software\Policies\Microsoft\Windows\WireAt least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\WorkAt least Windows 8.1 or Windows RT
HKCU\Software\Policies\Microsoft\Windows\WorkAt least Windows 8.1 or Windows RT
HKLM\Software\Policies\Microsoft\Windows\WorkAt least Windows Server 2012 R2 or
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curre
HKCU\SOFTWARE\Policies\Microsoft\Windows\Curre
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrAt least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrAt least Windows Server 2012 Windo
HKCU\SOFTWARE\Policies\Microsoft\Windows\CurAt least Windows Server 2012 R2 Wi
HKLM\Software\Policies\Microsoft\Windows\Ww At least Windows Server 2012 Windo
HKLM\Software\Policies\Microsoft\Windows\Ww At least Windows Server 2012 Windo
Help Text New in Windows 10
This policy setting determines which 0
This policy setting controls the insta 0
Specifies the category of programs 0
Removes the "Add a program from CD- 0
Removes the "Add programs from Micr 0
Prevents users from viewing or insta 0
Removes the Add New Programs button 0
Prevents users from using Add or Re 0
Removes the Set Program Access and 0
Removes the Change or Remove Progra 0
Prevents users from using Add or Re 0
Removes links to the Support Info d 0
Removes the Add/Remove Windows Com 0
This policy setting determines wheth 1
Specifies whether to prevent the MS- 0
This policy controls the visibility 0
The policy controls the state of the 0
The policy controls the state of the 0
This policy controls the state of t 0
This setting exists only for backwa 0
This policy setting controls the sta 0
This policy setting controls the sta 0
This policy setting controls the stat 0
This policy setting allows you to ma 0
This policy setting allows you to m 0
Allows or denies development 0
This policy setting allows yo 1
Prevent users' app data from 1
Manages a Windows app's ability to sh 1
This policy setting lets you control 0
This policy setting lets you contro 0
This policy setting lets you turn on 0
This policy setting controls 1
This policy setting allows you to con 0
This policy setting allows you to man 0
This policy setting allows you to conf 0
This policy setting determines what 0
This policy setting sets the default 0
This policy setting sets the default 0
This policy setting allows you to pr 0
This policy setting allows you to tur 0
This policy setting disallows AutoPla 0
This policy setting disallows AutoPla 0
This policy setting lets you opt- 1
This policy setting allows or preven 0
This policy setting determines whet 0
This policy setting specifies the nu 0
This policy setting specifies the num 0
This policy setting limits the amount 0
This policy setting limits the networ 0
This policy setting limits the netwo 0
This policy setting determines if the 0
This policy setting limits the maximu 0
This policy setting limits the maximu 0
This policy setting specifies whether 0
This policy setting defines 0
This policy setting limits the number 0
This setting affects whether the BIT 0
If you enable this setting all Cust 0
This policy setting will enable tagg 0
This policy setting determines the ci 0
This policy setting determines the p 1
This policy setting directs the sys 0
This policy setting directs the sys 0
Disables the application sharing fea 0
Prevents users from allowing others 0
Prevents users from sharing anything 0
Prevents users from sharing command 0
Prevents users from sharing the whole 0
Prevents users from sharing Explore 0
Prevents users from sharing applicat 0
Disables the audio feature of NetMee 0
Prevents user from changing the Dir 0
Disables full duplex mode audio. U 0
Prevents users from receiving video. 0
Prevents users from sending video if 0
Limits the bandwidth audio and video 0
Make the automatic acceptance of in 0
Disables the Chat feature of NetMee 0
Disables the T.126 whiteboard featu 0
Disables the 2.x whiteboard feature 0
Disables the remote desktop sharing 0
Configures NetMeeting to download s 0
Prevents users from adding directory ( 0
Prevents users from turning on auto 0
Prevents users from changing the way 0
Disables the directory feature of Ne 0
Prevents users from receiving files 0
Prevents users from sending files to 0
Prevents users from viewing directo 0
Limits the size of files users can sen 0
Sets the URL NetMeeting will displ 0
Sets the level of security for both 0
Disables the Advanced Calling butto 0
Hides the Audio page of the Tools Op 0
Hides the General page of the Tools 0
Hides the Security page of the Tools 0
Hides the Video page of the Tools Op 0
This setting allows you to display o 0
This policy setting controls the defa 0
Disables all Control Panel programs 0
This policy setting controls which C 0
Disables the Display Control Panel. 0
Removes the Settings tab from Displa 0
Disables the Color (or Window Color) 0
Prevents the Screen Saver dialog fro 0
Enables desktop screen savers.If you 0
Specifies the screen saver for the us 0
Determines whether screen savers us 0
Specifies how much user idle time mu 0
Prevents users from adding or chang 0
Prevents users from changing the s 0
Prevents users from changing the mo 0
Prevents users from changing the des 0
This setting forces the theme color 0
This setting disables the theme gall 0
Specifies which theme file is applie 0
Prevents users or applications from 0
This setting allows you to force a sp 0
Prevents users from changing the siz 0
This policy setting controls whether 0
Prevents users from changing the ba 0
Disables the lock screen slide show s 0
Disables the lock screen camera togg 0
Forces Windows to use the specified 0
Forces the Start screen to use one o 0
Prevents users from changing the loo 0
This setting allows you to force a s 0
This policy setting allows an admini 0
This policy setting specifies a defa 0
This policy setting allows the admin 0
This policy setting allows you to co 0
This policy setting applies to appl 0
When running in restricted mode par 0
This policy setting requires the use 0
This policy setting prevents users 0
This policy setting prevents users f 0
This policy setting disables or remo 0
This policy setting determines the a 1
This policy setting determines the le 1
Allows you to specify that local com 0
Allows you to view and change a list 0
Set this policy to configure the us 1
Set this policy to specify an arbitr 1
Set this policy to define a cap for t 1
Set this policy to define the max cac 1
Set this policy to define the max tim 1
Enables Active Desktop and prevents 0
Disables Active Desktop and prevents 0
Prevents the user from enabling or d 0
Adds and deletes specified Web conte 0
Prevents users from adding Web cont 0
Prevents users from removing Web co 0
Prevents users from deleting Web co 0
Prevents users from changing the pro 0
Removes Active Desktop content and p 0
Permits only bitmap images for wall 0
Specifies the desktop background ("w 0
Displays the filter bar above the res 0
Hides the Active Directory folder in 0
Specifies the maximum number of obje 0
Prevents users from changing the path 0
Removes icons shortcuts and other 0
Prevents users from using the Deskto 0
Removes the Internet Explorer icon 0
This setting hides Computer from the 0
Removes most occurrences of the My 0
Removes the Network Locations icon 0
This setting hides Properties on the 0
This policy setting hides the Prope 0
Remote shared folders are not added 0
Removes most occurrences of the Rec 0
Removes the Properties option from t 0
Prevents users from saving certain 0
Prevents users from manipulating des 0
Prevents users from adjusting the le 0
Prevents windows from being minimiz 0
Changes behavior of Microsoft bus dr 0
Changes behavior of 3rd-party drive 0
Specifies whether Virtualization Bas 0
Deploy Code Integrity PolicyThis pol 1
This policy setting allows you to det 0
This policy setting allows you to all 0
This policy setting allows you to de 0
This policy setting allows you to spe 0
This policy setting allows you to sp 0
This policy setting allows you to pre 0
This policy setting establishes the a 0
This policy setting allows you to dis 0
This policy setting specifies a list 0
Determines how the system responds wh 0
This policy setting prevents redirect 0
This policy setting prevents redirect 0
This policy setting allows you to tu 0
Windows has a feature that sends "gen 0
Windows has a feature that allows a 0
This setting configures the locatio 0
Specifies whether the administrator 0
Specifies whether the administrator 0
This policy setting allows you to s 0
Specifies whether Digital Locker ca 0
Specifies whether Digital Locker ca 0
This policy setting substitutes cust 0
This policy setting determines the e 0
This policy setting turns off the bo 0
This policy setting turns off power 0
This policy setting turns off all su 0
This policy setting turns off the sol 0
This policy setting turns on and tur 0
This policy setting specifies the de 0
This policy setting extends the disk 0
Specifies that Distributed Link Trac 0
Specifies a connection-specific DNS s 0
Defines the DNS servers to which a co 0
Specifies the primary DNS suffix use 0
Specifies if a computer performing 0
Specifies if DNS client computers wi 0
Specifies if DNS dynamic update is 0
Specifies whether dynamic updates sh 0
Specifies the interval used by DNS c 0
Specifies the value of the time to li 0
Specifies the DNS suffixes to attach 0
Specifies the security level for dyn 0
Specifies if computers may send dyna 0
Specifies if the DNS client performs 0
Specifies if the devolution level th 0
Specifies that link local multicast 0
Specifies that computers may attach 0
Specifies that a multi-homed DNS cli 0
Specifies that the DNS client should 0
Specifies that NetBIOS over TCP/IP ( 0
Specifies that responses from link l 0
Specifies whether the DNS client sh 0
Specifies whether the DNS client sho 0
This policy setting controls the app 0
This policy setting controls the app 0
This policy setting controls the Star 0
This policy setting controls the abi 0
This policy setting allows you to turn 0
This policy setting allows you to re 0
This policy setting allows you to in 0
This policy setting controls the clou 1
If you enable this setting users will 0
This policy setting prevents Windows 0
This policy setting allows you to p 0
Disables help tips that Windows show 0
Disables help tips that Windows show 0
This policy setting prevents File Exp 0
This policy setting configures whet 0
This policy setting locks Enhanced S 0
This policy setting configures wheth 0
This policy setting allows you to cre 0
This policy setting configures how e 0
This policy setting turns off Window 0
This policy setting prevents the disp 0
This policy setting controls whethe 0
This policy setting controls Windows 0
This policy setting specifies applica 0
This policy setting controls the beh 0
This policy setting controls the beh 0
This policy setting specifies a corp 0
This policy setting limits Windows E 0
This policy setting limits Windows E 0
This policy setting determines the 0
This policy setting determines the c 0
This policy setting determines the b 0
This policy setting determines the b 0
This policy setting allows you to c 0
This policy setting controls resourc 0
This policy setting controls Event Lo 0
This policy setting specifies the sec 0
This policy setting controls Event L 0
This policy setting controls the loca 0
This policy setting specifies the max 0
This policy setting turns on logging. 0
This policy setting lets you configu 1
This is the program that will be invo 0
This specifies the command line par 0
This is the URL that will be passed 0
This policy setting configures File E 0
This policy setting allows administrat 0
This policy is similar to settings di 0
Disabling data execution prevention 0
Disabling heap termination on corrup 0
Sets the target of the More Informat 0
Disabling soft landing messages 1
This policy setting allows administr 1
Specifies whether the PC can use t 0
Specifies whether the PC can use s 0
Windows Runtime applications can pr 0
This policy setting configures the m 0
Determines whether the RPC protocol 0
Symbolic links can introduce vulnera 0
Compression can add to the processin 0
Encryption can add to the processing 0
Encrypting the page file prevents ma 0
These settings provide control over 0
Delete notification is a feature that 0
TXF deprecated features included sa 0
This policy setting allows the admi 0
This policy setting shows or hides th 0
Hides the Preview Pane in File Explo 0
This policy setting permits or prohi 0
Windows Game Recording and Broadcas 1
Manages download of game box art an 0
Tracks the last play time of games in 0
Manages download of game update in 0
This policy setting prevents a user f 0
This policy setting prevents a user f 0
This policy setting restricts the per 0
This policy prevents automati 0
This policy setting restricts users on 0
This policy setting restricts users on 0
This policy setting prevents users fr 0
This policy setting prevents the user 0
This policy setting removes the Admi 0
This policy setting removes the opti 0
This policy setting removes the opti 0
This policy setting removes the regi 0
This policy setting restricts the Wi 0
This policy setting restricts the Wi 0
This policy setting controls which U 0
This policy setting restricts users 0
This policy turns off the off 0
This policy turns off the ins 0
This policy turns off the aut 0
This policy turns off the hig 0
This policy setting control 0
This policy enables the autom 1
This policy setting determines how p 0
This policy setting turns of 0
This policy setting turns of 0
This policy setting allows Microsof 0
This security feature provides a glob 1
This policy setting allows y 0
Enter â€œ0â€ to disable Logon 0
Enabling this setting will cause the 0
This policy setting prevents the Gro 0
This policy setting allows an admini 0
This policy directs Group Policy pro 0
This policy setting prevents Local G 0
This policy setting specifies how lo 0
This policy setting allows user-based 0
This policy setting determines when 0
Prevents the system from updating th 0
This policy setting prevents Group P 0
This policy setting prevents adminis 0
This policy setting determines which 0
This policy setting defines a slow c 0
This policy setting specifies how of 0
This policy setting allows you to cr 0
This policy setting lets you always 0
This setting allows you to enable or 0
This policy setting directs the syst 0
This policy setting specifies how lo 0
This policy setting allows you to pe 0
This policy setting allows you to per 0
This policy setting allows you 0
This policy setting allows you to ex 0
This policy setting specifies whethe 0
This policy setting specifies wheth 0
This policy setting defines whether 0
This policy setting allows you to r 0
This policy setting turns off the W 0
This policy setting turns off the ac 0
"This policy setting prevents install 0
Designates the Audio/Video Player Ac 0
Designates the Microsoft Network (MS 0
This ActiveX control enables users to 0
Designates Shockwave flash as an adm 0
Designates a set of Microsoft Networ 0
Designates a set of Microsoft Activ 0
Designates the Microsoft Agent Activ 0
Designates the Microsoft Chat Active 0
Designates a set of MSNBC controls a 0
Designates NetShow File Transfer Con 0
Designates Microsoft Scriptlet Compo 0
Designates Microsoft Survey Control 0
This policy setting prevents the tex 0
This policy setting prevents the tex 0
Enhanced Protected Mode provides ad 0
Enhanced Protected Mode provides ad 0
This policy setting prevents Active 0
This policy setting prevents Active 0
This policy setting allows you to bl 1
This policy setting shows the Conten 0
This policy setting shows the Conten 0
This policy setting let you turn off 0
This policy allows the user to go dir 0
This policy allows the user to go dir 0
This policy setting specifies if as y 0
This policy setting specifies how yo 0
Restricts the amount of information 0
Prevents users from adding channels 0
Prevents users from specifying that 0
Prevents channel providers from reco 0
Prevents users from viewing the Chan 0
Prevents users from adding editing o 0
Prevents users from editing an exist 0
Prevents users from disabling channe 0
Prevents users from clearing the pre 0
Disables existing schedules for dow 0
Prevents content from being downloa 0
This policy setting prevents the us 0
Removes the Advanced tab from the i 0
Removes the Advanced tab from the i 0
Removes the Connections tab from the 0
Removes the Connections tab from the 0
If you enable this policy setting use 0
If you enable this policy setting use 0
Removes the General tab from the int 0
Removes the General tab from the int 0
Removes the Privacy tab from the int 0
Removes the Privacy tab from the int 0
Removes the Programs tab from the in 0
Removes the Programs tab from the in 0
Removes the Security tab from the in 0
Removes the Security tab from the in 0
This policy setting prevents the use 0
This policy setting determines whethe 1
This policy setting allows you to st 1
This policy setting allows you to st 1
This policy setting allows you to ens 0
This policy setting allows you to ens 0
For each zone the Binary and Scripte 0
For each zone the Binary and Scripte 0
Internet Explorer contains dynamic b 0
Internet Explorer uses Multipurpose 0
Internet Explorer uses Multipurpose 0
Internet Explorer uses Multipurpose I 0
Internet Explorer places zone restri 0
The MK Protocol Security Restriction 0
Internet Explorer may be configured t 0
Internet Explorer may be configured t 0
File Explorer and Internet Explorer 0
File Explorer and Internet Explorer 0
Internet Explorer may be configured 0
Internet Explorer may be configured 0
This policy setting defines whether a 0
This policy setting defines whether a 0
Internet Explorer places restriction 0
This policy setting enables applicat 0
This policy setting enables blocking 0
This policy setting enables applicati 0
Internet Explorer allows scripts to 0
For each zone the Network Protocol L 0
This policy setting allows Internet 0
This policy setting turns off Automa 0
This policy setting turns off Automa 0
This policy setting allows you to ad 0
Prevents automatic proxy scripts whic 0
Prevents branding of Internet progra 0
Prevents users from changing settin 0
This policy setting allows you to cu 0
This policy setting allows you to cu 0
Specifies that Automatic Detection wi 0
This policy setting allows the user 0
This policy setting turns off the Sec 0
This policy setting turns off the Sec 0
This policy setting positions the me 0
Specifies that error messages will b 0
This policy setting logs information 0
This policy setting logs information 0
This policy setting allows you to e 0
This policy settings disables the Imp 0
This policy settings disables the Imp 0
This policy setting allows you to di 0
This policy setting turns off Adobe F 0
This policy setting turns off Adobe F 0
Prevents users from configuring uniq 0
This policy setting prevents Interne 0
This policy setting controls the Acti 0
This policy setting controls the Acti 0
Allows Administrators to enable and 0
In Internet Explorer 9 and Internet E 0
In Internet Explorer 9 and Internet E 0
This policy setting allows the automa 0
This policy setting allows the automa 0
This policy setting prevents the Sea 0
This policy setting prevents the Sea 0
Prevents Internet Explorer from aut 0
This policy setting allows you to se 0
Prevents the Internet Explorer splas 0
Prevents Internet Explorer from check 0
Allows Administrators to enable and 0
If you enable this policy the user c 0
This setting specifies to automatica 0
This setting specifies to automatica 0
Prevents users from changing the bro 0
Prevents users from changing the de 0
Prevents users from changing certifi 0
Prevents Microsoft Internet Explorer 0
This policy setting allows you to ch 0
Prevents users from changing dial-up 0
Prevents users from changing dial-up 0
Prevents users from running the Int 0
Prevents users from changing font se 0
This AutoComplete feature suggests p 0
This AutoComplete feature can remem 0
This setting specifies the number of 0
This setting specifies the number of 0
The Home page specified on the Gene 0
Secondary home pages are the defaul 0
Secondary home pages are the defaul 0
Prevents users from changing languag 0
Prevents users from changing the col 0
You can allow pop-ups from specific 0
You can allow pop-ups from specific 0
Prevents users from changing Profile 0
This policy setting specifies if a use 0
This policy setting specifies if a use 0
Prevents users from changing ratings 0
Prevents users from restoring defaul 0
This policy setting is used to manage 0
This policy setting is used to manage 0
This AutoComplete feature suggests 0
This AutoComplete feature suggests 0
This policy setting turns off URL Su 0
This policy setting turns off URL Su 0
Disables using the F3 key to search 0
Makes the Customize button in the Sea 0
Applies security zone information to 0
Prevents users from changing securit 0
Prevents users from adding or removi 0
Specifies that programs using the Mi 0
Applies proxy settings to all users 0
This policy setting allows the playi 0
This policy setting controls the fir 0
This policy setting allows you to 0
This policy setting manages whether u 0
This policy controls whether or not th 0
This template policy setting allows 0
This policy setting allows you to manage a list of sites that
0 you want to associate with a particular security zone. These zone n
This policy setting allows you to manage a list of sites that
0 you want to associate with a particular security zone. These zone n
This policy setting enables intranet 0
This policy setting enables intranet 0
This policy setting causes a Notific 0
This policy setting causes a Notific 0
This policy setting makes hyperlinks 0
Prevents users from closing Microsof 0
Prevents users from saving Web pages 0
Prevents users from saving the compl 0
Prevents users from opening a new b 0
Prevents users from opening a file 0
Prevents users from sending feedbac 0
Prevents users from displaying tips 0
Prevents users from viewing or chang 0
Prevents users from running the Int 0
This policy setting prevents the sho 0
Prevents users from adding removing 0
Prevents using the shortcut menu to 0
Prevents users from saving a program 0
Prevents users from opening the Int 0
Prevents users from displaying the b 0
Prevents users from viewing the HT 0
This policy setting specifies that yo 0
Limits the amount of storage that a 0
This policy setting allows users to 0
This policy setting allows you to by 0
This policy setting allows you to def 0
This policy setting allows you to hi 0
This policy setting allows you to cha 0
The WebSocket object allows website 0
The WebSocket object allows website 0
Prevents users from determining whic 0
Prevents users from determining whi 0
Specifies which buttons will be displ 0
This policy setting allows you to sh 0
This policy setting allows you to sh 0
This policy setting allows you to sho 0
This policy setting allows you to sho 0
This policy setting allows you to lo 0
This policy setting allows you incre 0
This policy setting allows you incre 0
This policy setting controls the Sug 0
This policy setting controls the Sug 0
This policy setting allows you to est 0
This policy setting allows you to est 0
This policy setting allows you to es 0
This policy setting allows you to es 0
This policy setting restricts the lis 0
This policy setting restricts the lis 0
This policy setting controls the Com 0
This policy setting controls how Int 0
This policy setting controls how Int 0
This policy setting allows you to add 0
Compatibility View determines how In 0
Compatibility View determines how In 0
This policy controls the website comp 0
This policy controls the website comp 0
This policy setting lets you decide 1
This policy setting lets you decide 1
This policy setting lets you specify 1
This policy setting lets you specify 1
This policy setting sets data storage 0
This policy setting sets data storage 0
This policy setting allows websites 0
This policy setting sets data storag 0
This policy setting sets data storag 0
This policy setting sets the data st 0
This policy setting sets the data st 0
This policy setting sets file storage 0
This policy setting sets file storage 0
This policy setting sets the file sto 0
This policy setting sets the file sto 0
This policy setting sets the number o 0
This policy setting sets the number o 0
This policy setting sets the maximum 0
This policy setting configures what 0
This policy setting configures what 0
This policy setting configures Intern 0
This policy setting allows you to control which site zones1are included in the discovery functionality of the Internet Explorer Si
This policy setting allows you to control which site zones1are included in the discovery functionality of the Internet Explorer Si
Turns off the handwriting recognitio 0
Turns off the handwriting recognitio 0
If enabled then new iSNS servers ma 0
If enabled then new target portals 0
If enabled then discovered targets 0
If enabled then new targets may not 0
If enabled then do not allow the i 0
If enabled then only those sessions 0
If enabled then do not allow the in 0
If enabled then only those connectio 0
This policy setting defines the list 0
This policy setting configures the K 0
This policy setting controls the Ker 0
This policy setting defines the list 0
This policy setting configures the 0
This policy setting controls config 0
This policy setting controls wheth 0
Support for device authentication us 1
This policy setting determines how th 1
This policy setting changes the oper 0
This policy setting changes the oper 0
This policy setting ignores the cust 0
This policy setting ignores the cust 0
This policy setting ignores customiz 0
This policy setting ignores customiz 0
This policy is not available in this v 0
This policy setting hides the welcom 0
This policy setting specifies additi 0
This policy setting specifies additi 0
This policy setting suppresses syste 0
This policy setting hides the welcom 0
This policy is not available in this v 0
This policy setting ignores Windows 0
This policy setting prevents connec 0
This policy setting allows local use 0
This policy setting turns off 0
This setting lets you decide whether t 1
This setting lets you decide whether t 1
This setting lets you decide whether 1
This settings lets you decide how Mi 1
This settings lets you decide how Mi 1
Prevents users from entering author 0
Lets you selectively permit or prohib 0
Permits or prohibits use of this snap 0
This policy setting permits or prohib 0
Permits or prohibits use of the Group 0
This policy setting turns off Windows 0
This policy setting turns off Windows 0
This policy setting allows 0
This policy setting determines the e 0
This policy setting restricts the to 0
This policy setting configures Micro 0
This policy setting allows users to s 0
This policy setting allows users to p 0
This policy setting directs Windows 0
This policy setting directs Windows 0
This policy setting prevents 0
This policy setting controls the abil 0
This policy setting restricts the us 0
This policy setting prohibits Windows 0
This policy setting prohibits Windows 0
This policy setting permits users to 0
This policy setting controls the ab 0
This policy setting prevents Windows 0
This policy setting causes the Windo 0
This policy controls the perc 0
Specifies the types of events 0
This policy setting allows Web-based 0
This policy setting specifies the ord 0
This policy setting saves copies of t 0
Specifies the e-mail address to be u 0
Specifies the string that appears fo 0
Specifies whether an entry for Direc 0
Specifies whether the user has Conne 0
Specifies whether NCA service runs in 0
Specifies resources on your intrane 0
Specifies the IPv6 addresses of the 0
Specifies commands configured by th 0
This policy setting enables you to s 0
This policy setting enables you to 0
This policy setting enables you to 0
This policy setting enables you to sp 0
This policy setting enables you to s 0
This Policy setting enables you to s 0
This policy setting determines the a 0
This policy setting determines the m 0
This policy setting determines when r 0
This policy setting specifies the le 0
This policy setting specifies the ad 0
This policy setting specifies the am 0
This policy setting specifies the Ac 0
This policy setting determines whic 0
This policy setting specifies the Re 0
This policy setting specifies the va 0
This policy setting specifies the si 0
This policy setting specifies the Pri 0
This policy setting specifies the We 0
This policy setting determines if dy 0
This policy setting enables DC Locato 0
This policy setting determines the i 0
This policy setting detremines the t 0
This policy setting configures how a 0
This policy setting configures wheth 0
Determines whether administrators c 0
Determines whether the Advanced Set 0
Determines whether users can config 0
Determines whether a user can insta 0
Determines whether users can delete 0
Determines whether users can delete 0
Determines whether the Remote Accce 0
Determines whether settings that ex 0
Determines whether Administrators a 0
Determines whether users can enable/ 0
Determines whether users can change 0
Determines whether users can use th 0
Prohibits use of Internet Connectio 0
Determines whether a user can view a 0
Determines whether users can view a 0
Determines whether users can connect 0
Determines whether users can view an 0
Determines whether nonadministrators 0
Determines whether users can rename 0
Determines whether nonadministrator 0
Determines whether users can rename 0
Determines whether users can view th 0
Specifies whether or not the "local 0
This setting does not apply to desk 0
This policy setting configures secur 1
Makes subfolders available offline wh 0
This policy setting lists network fil 0
This policy setting lists network fil 0
Determines how computers respond whe 0
Determines how computers respond whe 0
Limits the percentage of the compute 0
Determines which events the Offline 0
Determines which events the Offline 0
Lists types of files that cannot be 0
Determines whether network files rem 0
Determines whether network files rem 0
Disables the Offline Files folder.Thi 0
Disables the Offline Files folder.Thi 0
Prevents users from enabling disablin 0
Prevents users from enabling disablin 0
Hides or displays reminder balloons 0
Hides or displays reminder balloons 0
Deletes local copies of the user's of 0
Determines how often reminder balloo 0
Determines how often reminder balloo 0
Determines how long the first remind 0
Determines how long the first remind 0
Determines how long updated reminde 0
Determines how long updated reminde 0
Configures the threshold value at wh 0
Determines whether offline files are 0
This policy setting controls the net 0
This policy setting limits the amount 0
This policy setting controls when ba 0
This policy setting enables administr 0
This policy setting removes the "Wor 0
This policy setting removes the "Wor 0
This setting turns off Microsoft Peer 0
This setting disables PNRP protocol 0
This policy setting enables or disa 0
This policy setting limits a node to 0
This setting sets the seed server fo 0
By default when a Peer Group is crea 0
Microsoft Passport for Work is an al 1
A Trusted Platform Module (TPM) prov 1
Microsoft Passport for Work enables u 1
Minimum PIN length configures the m 1
Minimum PIN length configures the m 1
Maximum PIN length configures the m 1
Maximum PIN length configures the m 1
Use this policy setting to configure 1
Use this policy setting to configure t 1
Use this policy setting to configure t 1
This policy setting configures the Pr 0
This policy setting is used only whe 0
Turns off Tablet PC Pen Training.If y 0
Turns off Tablet PC Pen Training.If y 0
Determines the execution level for W 0
Determines the execution level for 0
This policy setting specifies the act 0
This policy setting specifies the perc 0
This policy setting specifies the per 0
This policy setting turns off the use 0
This policy setting specifies the ac 0
This policy setting specifies the a 0
This policy setting manages whether 0
This policy setting manages whether 0
This policy setting allows applicati 0
This policy setting allows applicati 0
This policy setting lets you configur 0
This policy setting lets you configur 0
This policy setting lets you 0
This policy setting lets you 0
This policy setting enables l 1
This policy setting enables l 1
This policy setting lets you suppress 0
This policy setting lets you hide the 0
This setting lets you suppress the Re 0
This setting lets you suppress the Re 0
This policy setting lets you hide en 0
This policy setting lets you hide en 0
Internet printing lets you display pri 0
Determines if print driver components 0
By default the Printers folder inclu 0
If you enable this policy setting it 0
Allows users to use the Add Printer 0
When printing through a print server 0
Determines whether the XPS Rasteriz 0
Adds a link to an Internet or intrane 0
Determines whether printers using ke 0
Prevents users from using familiar me 0
If this policy setting is enabled it p 0
This policy sets the maximum number 0
This policy restricts clients compute 0
Restricts package point and print to 0
This policy restricts clients compute 0
Restricts package point and print to 0
If this policy setting is enabled it 0
Enables the physical Location Tracki 0
This policy setting controls the cli 0
This policy setting controls the cli 0
Specifies the Active Directory locatio 0
Announces the presence of shared pri 0
This policy determines if v4 printer 0
Microsoft XPS Document Writer (MXDW) 0
This policy controls whether th 1
This policy controls whether the pri 0
Determines whether the Add Printer Wi 0
Determines whether the pruning servi 0
Specifies how often the pruning servi 0
Sets the priority of the pruning thre 0
Specifies how many times the pruning 0
Specifies whether or not to log event 0
Determines whether the computer's shar 0
Directs the system to periodically ver 0
Determines whether the domain contro 0
This setting prevents users from us 0
This setting prevents users from acc 0
This setting removes the Set Progra 0
This setting prevents users from ac 0
Prevents users from viewing or insta 0
Specifies an alternate Layer-3 Diffe 0
Specifies the maximum number of out 0
Determines the percentage of connect 0
Determines the smallest unit of time 0
Specifies an alternate link layer (La 0
This policy setting allows the Windo 0
Requirements: Windows 7 Descr 0
This policy setting allows the syste 0
This policy setting defines when the 0
The Shutdown Event Tracker can be d 0
This policy setting enables Remote A 0
This policy setting allows you to im 0
This policy setting lets you customi 0
This policy setting allows you to t 0
This policy setting configures the a 0
This policy setting configures the a 0
This policy setting denies read acces 0
This policy setting denies write acce 0
This policy setting denies execute ac 0
This policy setting denies read acce 0
This policy setting denies read acce 0
This policy setting denies write acc 0
This policy setting denies write acc 0
Configure access to all removable sto 0
Configure access to all removable sto 0
This policy setting grants normal us 0
This policy setting controls the idl 0
This policy setting controls how the 0
This policy setting determines how l 0
This policy setting hides the instru 0
This policy setting displays the inst 0
This policy setting directs the syste 0
This policy setting directs the syste 0
This policy setting displays the ins 0
This policy setting lets the system r 0
This policy setting allows user logon 0
This policy setting allows users who 0
Determines whether scheduled diagnos 0
Enabling this policy prevents users 0
Enabling this policy prevents users 0
This policy setting allows encrypted 0
If enabled the search indexer backoff 0
If enabled clients will be unable to 0
If enabled the indexer pauses whenev 0
If enabled Search and Indexing Opti 0
If enabled Search and Indexing Opti 0
This policy setting allows words that 0
This policy setting configures whethe 0
This policy setting configures how 0
This policy setting allows you to en 0
This policy setting hides or display 0
If enabled files on network shares m 0
Enabling this policy allows indexin 0
Enabling this policy allows indexing 0
When using Microsoft Office Outlook 0
Enable this policy to prevent indexin 0
Enable this policy setting to preven 0
Enabling this policy defines a semicol 0
Enable this policy to prevent indexi 0
Store indexer database in this direct 0
Enabling this policy allows you to 0
Enabling this policy allows you to 0
Enabling this policy allows you to s 0
Enabling this policy prevents index 0
Enabling this policy prevents Windows 0
Enabling this policy removes the op 0
If you enable this policy setting you 0
If you enable this policy setting you 0
Enabling this policy allows you to ed 0
This policy setting prevents search 0
This policy setting specifies whether Cortana is allowed on
1 the device. Â If you enable or don't configure this setting Cortana w
This policy setting specifies whether search and Cortana1can provide location aware search and Cortana results.Â If this is ena
This policy setting allows selection 1
This Group Policy setting let 0
This policy setting turns off scr 0
This policy setting turns off scr 0
This policy setting specifies the ne 0
Prevent syncing to and from this PC. 0
Prevent the "app settings" group from 0
Prevent the "passwords" group from s 0
Prevent the "personalize" group from 0
Prevent the "AppSync" group f 0
Prevent the "Other Windows settings" 0
Prevent the "desktop personalization" 0
Prevent the "browser" group from sync 0
Prevent syncing to and from this PC 0
Prevent the "Start layout" gro 0
Specifies an alternate location for 0
Specifies an alternate location for 0
Turns off data sharing from the hand 0
Turns off data sharing from the hand 0
Disables the Windows registry editor 0
Limits the Windows programs that use 0
Prevents Windows from running the pr 0
This policy setting prevents the dis 0
This policy setting lets you preven 1
This policy setting lets you allow ce 0
This policy setting lets you determi 0
This policy settings lets you configu 0
This policy setting lets you allow si 0
This policy setting permits those cer 0
This policy setting lets you reverse 0
This policy setting prevents plainte 0
This policy setting lets you determi 0
This policy setting configures a li 0
This policy setting allows trap con 0
Specifies whether Sound Recorder ca 0
Specifies whether Sound Recorder ca 0
This policy setting controls which se 0
This policy setting specifies the me 0
This Group Policy Setting should be s 0
If you enable this policy setting th 0
If you enable this policy the start m 0
If you enable this policy the "See al 0
If you enable this policy a 0
If you enable this policy a "Search t 0
If you enable this policy setting the 0
If you enable this policy setting th 0
If you enable this policy the start 0
If you enable this setting the Run c 0
Clear history of recently opened doc 0
This policy only applies to the clas 0
Displays Start menu shortcuts to part 0
Disables personalized menus.Windows 0
This setting affects the taskbar whic 0
Lets users run a 16-bit program in 0
This setting affects the notification 0
Hides pop-up text on the Start menu 0
If you enable this setting the system 0
This policy setting allows pinning ap 0
This policy setting allows pinning ap 0
Specifies the Start layout for users 0
Specifies the Start layout for users 0
Removes items in the All Users prof 0
Prevents users from adding the Favor 0
If you enable this setting the frequ 0
If you enable this setting the "Pin 0
Prevents the operating system and in 0
Removes the Recent Items menu from 0
This policy setting prevents the syst 0
This policy setting prevents the syst 0
Allows you to remove the Run command 0
This policy setting allows you to rem 0
Hides all folders on the user-specif 0
This setting affects the presentati 0
Prevents the clock in the system noti 0
This setting affects the taskbar but 0
This setting affects the taskbar.Th 0
This setting affects the notification 0
If you enable this setting the "Und 0
If you enable this policy the Start 0
If you enable this setting users cann 0
Set the default action of the power 0
This policy setting shows or hides t 0
This policy setting allows users to g 0
This policy setting allows the Apps 0
This policy setting allows desktop ap 0
This policy setting allows the Start 0
Allows you to disable System Restore 0
Allows you to disable System Restore 0
Turns off the integration of applicat 0
Turns off the integration of applicat 0
Prevents Input Panel tab from appear 0
Prevents Input Panel tab from appear 0
Prevents the Tablet PC Input Panel i 0
Prevents the Tablet PC Input Panel i 0
Prevents the Tablet PC Input Panel ic 0
Prevents the Tablet PC Input Panel ic 0
Adjusts password security settings 0
Adjusts password security settings 0
Includes rarely used Chinese Kanji a 0
Includes rarely used Chinese Kanji a 0
Turns off both the more toler 0
Turns off both the more toler 0
Prevents the Touch Keyboard and Hand 0
Prevents the Touch Keyboard and Hand 0
Prevents start of InkBall game.If you 0
Prevents start of InkBall game.If you 0
Prevents start of Windows Journal.If 0
Prevents start of Windows Journal.If 0
Prevents printing to Journal Note Writ 0
Prevents printing to Journal Note Writ 0
Prevents the snipping tool from runnin 0
Prevents the snipping tool from runnin 0
Disables visual pen action feedback 0
Disables visual pen action feedback 0
Removes the Back->ESC mapping that n 0
Removes the Back->ESC mapping that n 0
Prevents the user from launching an 0
Prevents the user from launching an 0
Prevents press and hold actions on ha 0
Prevents press and hold actions on ha 0
Turns off Tablet PC hardware buttons 0
Turns off Tablet PC hardware buttons 0
Makes pen flicks learning mode unavai 0
Makes pen flicks learning mode unavai 0
Makes pen flicks and all related featu 0
Makes pen flicks and all related featu 0
This policy setting allows you to loc 0
This policy disables the functionality 1
This policy setting removes Notificat 1
Limits newly scheduled to items on t 0
Limits newly scheduled to items on t 0
This setting removes the "Open advan 0
This setting removes the "Open advan 0
Prevents users from adding or remov 0
Prevents users from adding or remov 0
Prevents users from starting and sto 0
Prevents users from starting and sto 0
Prevents users from viewing and chan 0
Prevents users from viewing and chan 0
Prevents users from creating new ta 0
Prevents users from creating new ta 0
Prevents users from deleting tasks 0
Prevents users from deleting tasks 0
This policy setting allows you to sel 0
This policy setting allows you to set 0
This policy setting specifies the IP 0
Fair Share CPU Scheduling dynamicall 0
This policy setting enables system a 0
Controls whether a user can save pa 0
Controls whether passwords can be s 0
Specifies whether to require the use 0
Specifies the authentication method 0
If you enable this policy setting wh 0
Specifies the address of the RD Gate 0
Specifies whether to allow Remote De 0
This policy setting allows you to li 0
Specifies whether desktop wallpaper 0
This policy setting allows you to ent 0
Specifies whether Remote Desktop Se 0
Specifies whether to remove the Win 0
If you enable this policy setting ad 0
If you enable this policy setting ad 0
This policy setting allows you to res 0
Configures Remote Desktop Services t 0
Configures Remote Desktop Services t 0
Specifies whether Remote Desktop Ser 0
This policy setting allows you to lim 0
This policy setting allows you to li 0
Specifies whether a Remote Desktop 0
This policy setting specifies the d 0
Turns off the caching of thumbnails i 0
Turn off Tablet PC touch inputTurns o 0
Turn off Tablet PC touch inputTurns o 0
Turn off Panning Turns off touc 0
Turn off Panning Turns off touc 0
This policy setting configures how 0
This setting lets you prevent users 1
This setting lets you prevent users 1
This setting lets you prevent users fr 1
This setting lets you prevent users fr 1
This policy setting lets you prevent 1
This setting lets you disable the data 1
This setting lets you disable the data 1
This setting lets you disable file res 1
This setting lets you disable file res 1
This setting lets you disable the creat 1
This setting lets you disable the creat 1
This policy setting adds the Administ 0
This policy setting disables the mor 0
This policy setting restores the de 0
This policy setting disables the det 0
This policy setting provides users w 0
This policy setting lets you exclude 0
This setting determines if roaming us 0
This policy setting controls how lon 0
This policy setting will automatical 0
This policy setting determines how m 0
This policy setting determines if th 0
This policy setting allows an adminis 0
This policy setting controls how lon 0
This policy setting sets the schedule 0
This setting prevents users from man 0
This policy setting turns off the adv 0
This policy setting controls on a pe 0
This policy setting controls compute 0
This policy setting lets you config 1
This policy setting specifies the c 0
This policy setting allows you to as 0
This policy setting allows you to ass 0
This policy setting allows you to cho 0
This policy setting controls the use 0
This policy setting configures whethe 0
This policy setting specifies a set 0
This policy setting prevents comput 0
This policy setting prevents compute 0
This policy setting prevents clients 0
This policy setting specifies that 0
This policy setting determines the d 0
This policy setting determines the ex 0
Windows Calendar is a feature that 0
Windows Calendar is a feature that 0
By default Add features to Windows 10 0
By default Add features to Windows 10 0
This policy setting affects the ability 0
This policy setting affects the ability 0
This policy setting prohibits access 0
This policy setting prohibits access 0
This policy setting allows the confi 0
Allows an administrator to specify i 1
This policy setting controls the load 0
This policy setting turns off Windo 0
This policy setting allows you t 0
This policy if defined will prevent 0
This policy setting allows you to ena 0
This policy setting allows you speci 0
This policy setting limits the rate a 0
This policy if defined will prevent 0
This policy setting defines a list o 0
This policy setting defines process 0
This policy setting defines threats 0
This policy setting defines addition 0
This policy setting configures a loca 0
This policy setting defines the numb 0
This policy setting turns off real-t 0
This policy setting defines the maxim 0
This policy setting configures a local 0
This policy setting configures the ti 0
This policy setting configures the t 0
This policy setting configures the ti 0
This policy setting configures the t 0
This policy configures Windows sof 0
This policy allows you to configure tr 0
This policy setting allows you to crea 0
This policy setting configures a loca 0
This policy setting defines the numbe 0
This policy setting allows you to spec 0
This policy setting allows you to spec 0
This policy setting allows you to d 0
This policy setting allows you to ena 0
This policy setting allows you to jo 0
This policy setting configures 1
This policy setting customize which 0
This policy setting allows you to cus 0
This policy setting allows user 1
Hide the Back button in the Open dia 0
Removes the list of most recently us 0
Removes the shortcut bar from the O 0
Configures the list of items display 0
This setting allows an administrator 0
Allows you to have File Explorer disp 0
This setting is designed to ensure 0
"This policy setting allows you to s 0
Disables the "Hide keyboard navigati 0
Removes all computers outside of th 0
Removes the File menu from My Compu 0
Removes the Hardware tab.This setti 0
Removes the Manage item from the F 0
Prevents users from using File Expl 0
When a file or folder is deleted in F 0
Prevents users from submitting alter 0
Removes the Security tab from File Ex 0
Removes shortcut menus from the des 0
Prevents users from using My Compute 0
Turn off Windows+X hotkeys.Keyboard 0
Prompts users for alternate logon cr 0
Limits the percentage of a volume's 0
If you enable this policy the "Inter 0
This policy setting allows up to five 0
Disables suggesting recent queries f 0
Changes the behavior of IShellFolder 0
Changes the behavior of IShellFolder 0
This policy setting allows you to hav 0
This policy setting allows you to hav 0
Shows or hides lock from the user ti 0
Shows or hides sleep from the power 0
Shows or hides hibernate from the p 0
This policy removes the end-user noti 0
This policy specifies the path to a f 0
This policy setting specifies an alt 0
This policy setting specifies the m 0
This policy setting hides the file s 0
Allows unsolicited incoming messages 0
Allows you to view and change the pr 0
Allows administrators to use the Win 0
Turns on Windows Firewall.If you en 0
Specifies that Windows Firewall bloc 0
Allows inbound file and printer shar 0
Defines the set of Internet Control 0
Allows Windows Firewall to record in 0
Prevents Windows Firewall from disp 0
Allows you to view and change the in 0
Allows remote administration of thi 0
Allows this computer to receive inb 0
Prevents this computer from receivi 0
Allows this computer to receive uns 0
Allows you to view and change the pr 0
Turns on Windows Firewall.If you en 0
Specifies that Windows Firewall bloc 0
Allows inbound file and printer shar 0
Defines the set of Internet Control 0
Allows Windows Firewall to record in 0
Prevents Windows Firewall from disp 0
Allows you to view and change the in 0
Allows remote administration of thi 0
Allows this computer to receive inb 0
Prevents this computer from receivi 0
Allows this computer to receive uns 0
Denies or allows access to the Windo 0
Denies or allows access to the Windo 0
Windows Mail will not check your n 0
Windows Mail will not check your n 0
Prevents Windows Media Digital Righ 0
This policy setting allows a screen s 0
Prevents the anchor window from bei 0
This policy setting allows you to hid 0
This policy setting prevents Window 1
This policy setting prevents Window 1
This policy setting turns on or turn 1
This policy setting turns on or turn 1
This policy setting configures access 1
This policy setting is deprecated and 1
This setting controls automatic upd 1
This setting allows you to remove a 1
Specifies whether this computer will 0
Specifies an intranet server to host 1
Specifies the hours that Windows wil 1
Specifies whether Automatic Updates 1
Specifies whether Automatic Update 1
Specifies whether the Windows Updat 1
Specifies that to complete a schedul 1
If you enable this policy a restart 1
Specifies the amount of time 1
Specifies the amount of time for Aut 1
Specifies the amount of time for Aut 1
Specifies the target group name or n 1
Even when Windows Update is configu 1
If you enable this policy setting in 1
This policy setting controls the le 1
This policy setting configures the n 1
This policy setting controls the use o 1
This policy controls whether the log 1
This policy controls which action wi 1
Specifies an alternate user interfac 1
This policy setting configures the co 1
Set up the menu name and URL for the 1
This policy setting specifies the Wo 1
This setting lets you configure how 1
This policy setting turns off t 1
This policy setting blocks a 1
This policy setting specifies 1
This policy setting specifies 1
This policy setting blocks voi 1
Status Policy Path
Computer Configuration\Windows Settings\Account Policies\Password Policy

Computer Configuration\Windows Settings\Account Policies\Account Lockout Poli
Computer Configuration\Windows Settings\Local Policies\Kerberos Policy
Computer Configuration\Windows Settings\Local Policies\Audit Policy
Computer Configuration\Windows Settings\Local Policies\User Rights Assignment
Computer Configuration\Windows Settings\Local Policies\Security Options
Computer Configuration\Windows Settings\Security Settings\Event Log
Computer Configuration\Windows Settings\Security Settings\Restricted Groups
Computer Configuration\Windows Settings\Security Settings\System Services
Computer Configuration\Windows Settings\Security Settings\Registry
Computer Configuration\Windows Settings\Security Settings\File System
Policy Name Supported On
Enforce password history At least Windows XP SP2, Windows Server 2003

Maximum password age At least Windows XP SP2, Windows Server 2003
Minimum password age At least Windows XP SP2, Windows Server 2003
Minimum password length At least Windows XP SP2, Windows Server 2003
Password must meet complexity requirement At least Windows XP SP2, Windows Server 2003
Store passwords using reversible encryption for all users in the domain At least Windows XP SP2, Windows Server 2003
Account lockout duration At least Windows XP SP2, Windows Server 2003
Account lockout threshold At least Windows XP SP2, Windows Server 2003
Reset lockout counter after At least Windows XP SP2, Windows Server 2003
Enforce user logon restrictions At least Windows XP SP2, Windows Server 2003
Maximum lifetime for service ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket At least Windows XP SP2, Windows Server 2003
Maximum lifetime for user ticket renewal At least Windows XP SP2, Windows Server 2003
Maximum tolerance for computer clock synchronization At least Windows XP SP2, Windows Server 2003
Audit account logon events At least Windows XP SP2, Windows Server 2003
Audit account management At least Windows XP SP2, Windows Server 2003
Audit directory service access At least Windows XP SP2, Windows Server 2003
Audit logon events At least Windows XP SP2, Windows Server 2003
Audit object access At least Windows XP SP2, Windows Server 2003
Audit policy change At least Windows XP SP2, Windows Server 2003
Audit privilege use At least Windows XP SP2, Windows Server 2003
Audit process tracking At least Windows XP SP2, Windows Server 2003
Audit system events At least Windows XP SP2, Windows Server 2003
Access this computer from the network At least Windows XP SP2, Windows Server 2003
Access Credential Manager as a trusted caller At least Windows Vista, Windows Server 2008
Act as part of the operating system At least Windows XP SP2, Windows Server 2003
Add workstations to a domain At least Windows XP SP2, Windows Server 2003
Adjust memory quotas for a process At least Windows XP SP2, Windows Server 2003
Allow log on locally At least Windows XP SP2, Windows Server 2003
Allow log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Backup files and directories At least Windows XP SP2, Windows Server 2003
Bypass traverse checking At least Windows XP SP2, Windows Server 2003
Change the system time At least Windows XP SP2, Windows Server 2003
Change the time zone At least Windows Vista, Windows Server 2008
Create a pagefile At least Windows XP SP2, Windows Server 2003
Create a token object At least Windows XP SP2, Windows Server 2003
Create global objects At least Windows XP SP2, Windows Server 2003
Create permanent shared objects At least Windows XP SP2, Windows Server 2003
Create Symbolic Links At least Windows Vista, Windows Server 2008
Debug programs At least Windows XP SP2, Windows Server 2003
Deny access to this computer from the network At least Windows XP SP2, Windows Server 2003
Deny log on as a batch job At least Windows XP SP2, Windows Server 2003
Deny log on as a service At least Windows XP SP2, Windows Server 2003
Deny log on locally At least Windows XP SP2, Windows Server 2003
Deny log on through Remote Desktop Services At least Windows XP SP2, Windows Server 2003
Enable computer and user accounts to be trusted for delegation At least Windows XP SP2, Windows Server 2003
Force shutdown from a remote system At least Windows XP SP2, Windows Server 2003
Generate security audits At least Windows XP SP2, Windows Server 2003
Impersonate a client after authentication At least Windows XP SP2, Windows Server 2003
Increase a process working set At least Windows Vista, Windows Server 2008
Increase scheduling priority At least Windows XP SP2, Windows Server 2003
Load and unload device drivers At least Windows XP SP2, Windows Server 2003
Lock pages in memory At least Windows XP SP2, Windows Server 2003
Log on as a batch job At least Windows XP SP2, Windows Server 2003
Log on as a service At least Windows XP SP2, Windows Server 2003
Log on locally Only Windows XP SP2
Manage auditing and security log At least Windows XP SP2, Windows Server 2003
Modify an object label At least Windows Vista, Windows Server 2008
Modify firmware environment values At least Windows XP SP2, Windows Server 2003
Perform volume maintenance tasks At least Windows XP SP2, Windows Server 2003
Profile single process At least Windows XP SP2, Windows Server 2003
Profile system performance At least Windows XP SP2, Windows Server 2003
Remove computer from docking station At least Windows XP SP2, Windows Server 2003
Replace a process level token At least Windows XP SP2, Windows Server 2003
Restore files and directories At least Windows XP SP2, Windows Server 2003
Shut down the system At least Windows XP SP2, Windows Server 2003
Synchronize directory service data At least Windows XP SP2, Windows Server 2003
Take ownership of files or other objects At least Windows XP SP2, Windows Server 2003
Accounts: Administrator account status Windows XP SP2, Windows Server 2003
Accounts: Block Microsoft accounts Windows 8, Windows Server 2012
Accounts: Guest account status At least Windows XP SP2, Windows Server 2003
Accounts: Limit local account use of blank passwords to console logon only At least Windows XP SP2, Windows Server 2003
Accounts: Rename administrator account At least Windows XP SP2, Windows Server 2003
Accounts: Rename guest account At least Windows XP SP2, Windows Server 2003
Audit: Audit the accesss of global system objects At least Windows XP SP2, Windows Server 2003
Audit: Audit the use of Backup and Restore privilege At least Windows XP SP2, Windows Server 2003
Audit: Force audit policy subcategory settings (Windows Vista or later) to overri At least Windows Vista, Windows Server 2008
Audit: Shut down system immediately if unable to log security audits At least Windows XP SP2, Windows Server 2003
DCOM: Machine Access Restrictions in Security Descriptor Definition Languag At least Windows XP SP2, Windows Server 2003
DCOM: Machine Launch Restrictions in Security Descriptor Definition Languag At least Windows XP SP2, Windows Server 2003
Devices: Allow undock without having to log on At least Windows XP SP2, Windows Server 2003
Devices: Allowed to format and eject removable media At least Windows XP SP2, Windows Server 2003
Devices: Prevent users from installing printer drivers At least Windows XP SP2, Windows Server 2003
Devices: Restrict CD-ROM access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Restrict floppy access to locally logged-on user only At least Windows XP SP2, Windows Server 2003
Devices: Unsigned driver installation behavior Only Windows XP SP2, Windows Server 2003
Domain controller: Allow server operators to schedule tasks At least Windows XP SP2, Windows Server 2003
Domain controller: LDAP server signing requirements At least Windows XP SP2, Windows Server 2003
Domain controller: Refuse machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt or sign secure channel data (always) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally encrypt secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Digitally sign secure channel data (when possible) At least Windows XP SP2, Windows Server 2003
Domain member: Disable machine account password changes At least Windows XP SP2, Windows Server 2003
Domain member: Maximum machine account password age At least Windows XP SP2, Windows Server 2003
Domain member: Require strong (Windows 2000 or later) session key At least Windows XP SP2, Windows Server 2003
Interactive logon: Do not display last user name At least Windows XP SP2, Windows Server 2003
Interactive Logon: Display user information when session is locked At least Windows Vista, Windows Server 2008
Interactive logon: Do not require CTRL+ALT+DEL At least Windows XP SP2, Windows Server 2003
Interactive logon: Machine account lockout threshold Windows 8, Windows Server 2012
Interactive logon: Machine inactivity limit Windows 8, Windows Server 2012
Interactive logon: Message text for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Message title for users attempting to logon At least Windows XP SP2, Windows Server 2003
Interactive logon: Number of previous logons to cache (in case domain controllerAt least Windows XP SP2, Windows Server 2003
Interactive logon: Prompt user to change password before expiration At least Windows XP SP2, Windows Server 2003
Interactive logon: Require Domain Controller authentication to unlock workstati At least Windows XP SP2, Windows Server 2003
Interactive logon: Require smart card At least Windows XP SP2, Windows Server 2003
Interactive logon: Smart card removal behavior At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Digitally sign communications (if server agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network client: Send unencrypted password to third-party SMB serverAt least Windows XP SP2, Windows Server 2003
Microsoft network server: Amount of idle time required before suspending sessi At least Windows XP SP2, Windows Server 2003
Microsoft network server: Attempt S4U2Self to obtain claim information Windows 8, Windows Server 2012
Microsoft network server: Digitally sign communications (always) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Digitally sign communications (if client agrees) At least Windows XP SP2, Windows Server 2003
Microsoft network server: Disconnect clients when logon hours expire At least Windows XP SP2, Windows Server 2003
Microsoft network server: Server SPN target name validation level At least Windows 7, Windows Server 2008 R2
Network access: Allow anonymous SID/Name translation At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts At least Windows XP SP2, Windows Server 2003
Network access: Do not allow anonymous enumeration of SAM accounts and s At least Windows XP SP2, Windows Server 2003
Network access: Do not allow storage of passwords and credentials for networkAt least Windows XP SP2, Windows Server 2003
Network access: Let Everyone permissions apply to anonymous users At least Windows XP SP2, Windows Server 2003
Network access: Named Pipes that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths At least Windows XP SP2, Windows Server 2003
Network access: Remotely accessible registry paths and sub-paths At least Windows XP SP2, Windows Server 2003
Network access: Restrict anonymous access to Named Pipes and Shares At least Windows XP SP2, Windows Server 2003
Network access: Shares that can be accessed anonymously At least Windows XP SP2, Windows Server 2003
Network access: Sharing and security model for local accounts At least Windows XP SP2, Windows Server 2003
Network security: Do not store LAN Manager hash value on next password cha At least Windows XP SP2, Windows Server 2003
Network security: Force logoff when logon hours expire At least Windows XP SP2, Windows Server 2003
Network security: LAN Manager authentication level At least Windows XP SP2, Windows Server 2003
Network security: LDAP client signing requirements At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including se At least Windows XP SP2, Windows Server 2003
Network security: Minimum session security for NTLM SSP based (including se At least Windows XP SP2, Windows Server 2003
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Incoming NTLM traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit Incoming NTLM Traffic At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Audit NTLM authentication in this domain At least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add remote server exceptions for NTLM autheAt least Windows 7, Windows Server 2008 R2
Network security: Restrict NTLM: Add server exceptions in this domain At least Windows 7, Windows Server 2008 R2
Network security: Allow LocalSystem NULL session fallback At least Windows 7, Windows Server 2008 R2
Network security: Allow Local System to use computer identity for NTLM At least Windows 7, Windows Server 2008 R2
Network security: Allow PKU2U authentication requests to this computer to use A
o t least Windows 7, Windows Server 2008 R2
Network security: Configure encryption types allowed for Kerberos At least Windows 7, Windows Server 2008 R2
Recovery console: Allow automatic administrative logon At least Windows XP SP2, Windows Server 2003
Recovery console: Allow floppy copy and access to all drives and all folders At least Windows XP SP2, Windows Server 2003
Shutdown: Allow system to be shut down without having to log on At least Windows XP SP2, Windows Server 2003
Shutdown: Clear virtual memory pagefile At least Windows XP SP2, Windows Server 2003
System cryptography: Use FIPS compliant algorithms for encryption, hashing, aAt least Windows XP SP2, Windows Server 2003
System cryptography: Force strong key protection for user keys stored on the At least Windows XP SP2, Windows Server 2003
System objects: Default owner for objects created by members of the Administr At least Windows XP SP2, Windows Server 2003
System objects: Require case insensitivity for non-Windows subsystems At least Windows XP SP2, Windows Server 2003
System objects: Strengthen default permissions of internal system objects (e.g.,Windows XP SP2, Windows Server 2003
System settings: Optional subsystems At least Windows Vista, Windows Server 2003
System settings: Use Certificate Rules on Windows Executables for Software Res
At least Windows Vista, Windows Server 2003
User Account Control: Admin Approval Mode for the Built-in Administrator acco At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for administrators in At least Windows Vista, Windows Server 2008
User Account Control: Behavior of the elevation prompt for standard users At least Windows Vista, Windows Server 2008
User Account Control: Detect application installations and prompt for elevation At least Windows Vista, Windows Server 2008
User Account Control: Only elevate executables that are signed and validated At least Windows Vista, Windows Server 2008
User Account Control: Only elevate UIAccess applications that are installed in At least Windows Vista, Windows Server 2008
secure locations
User Account Control: Run all administrators in Admin Approval Mode At least Windows Vista, Windows Server 2008
User Account Control: Switch to the secure desktop when prompting for elevati At least Windows Vista, Windows Server 2008
User Account Control: Virtualize file and registry write failures to per-user locati At least Windows Vista, Windows Server 2008
User Account Control: Allow UIAccess applications to prompt for elevation withoAt least Windows Vista, Windows Server 2008
Maximum application log size Only Windows XP SP2, Windows Server 2003
Maximum security log size Only Windows XP SP2, Windows Server 2003
Maximum system log size Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing application log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing security log Only Windows XP SP2, Windows Server 2003
Prevent local guests group from accessing system log Only Windows XP SP2, Windows Server 2003
Retain application log Only Windows XP SP2, Windows Server 2003
Retain security log Only Windows XP SP2, Windows Server 2003
Retain system log Only Windows XP SP2, Windows Server 2003
Retention method for application log Only Windows XP SP2, Windows Server 2003
Retention method for security log Only Windows XP SP2, Windows Server 2003
Retention method for system log Only Windows XP SP2, Windows Server 2003
Restricted Groups Only Windows XP SP2, Windows Server 2003
System Services Only Windows XP SP2, Windows Server 2003
Registry Only Windows XP SP2, Windows Server 2003
File System Only Windows XP SP2, Windows Server 2003
Registry Settings
Password Policy security settings are not registry keys.

Account Lockout Policy security settings are not registry keys.
Kerberos Policy security settings are not registry keys.
Audit Policy security settings are not registry keys.
User Rights security settings are not registry keys
Not a registry key
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswo
rdUse
Not a registry key
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditi
ng
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLega
cyAuditPolicy
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineAccessRestriction
MACHINE\SOFTWARE\policies\Microsoft\windows
NT\DCOM\MachineLaunchRestriction
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syst
em\UndockWithoutLogon
MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\AllocateDASD
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMa
n Print Services\Servers\AddPrinterDrivers
NT\CurrentVersion\Winlogon\AllocateCDRoms
NT\CurrentVersion\Winlogon\AllocateFloppies
MACHINE\Software\Microsoft\Driver Signing\Policy
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\L
DAPServerIntegrity
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
\RefusePasswordChange
\RequireSignOrSeal
\SealSecureChannel
\SignSecureChannel
\DisablePasswordChange
\MaximumPasswordAge
\RequireStrongKey
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Sys
Machine\Software\Microsoft\Windows\CurrentVersion\Policies\Syste
m, value=DontDisplayLockedUserId
em\DisableCAD
Not a registry key
Not a registry key
em\LegalNoticeText
em\LegalNoticeCaption
NT\CurrentVersion\Winlogon\CachedLogonsCount
NT\CurrentVersion\Winlogon\PasswordExpiryWarning
NT\CurrentVersion\Winlogon\ForceUnlockLogon
em\ScForceOption
NT\CurrentVersion\Winlogon\ScRemoveOption
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\
Parameters\RequireSecuritySignature
Parameters\EnableSecuritySignature
Parameters\EnablePlainTextPassword
MACHINE\System\CurrentControlSet\Services\LanManServer\Para
meters\AutoDisconnect
Not a registry key
meters\RequireSecuritySignature
meters\EnableSecuritySignature
meters\EnableForcedLogOff
meters\SmbServerNameHardeningLevel
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
sSAM
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymou
s
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCre
ds
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludes
Anonymous
meters\NullSessionPipes
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Wi
nreg\AllowedPaths\Machine
meters\NullSessionShares
meters\NullSessionShares
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
Not a registry key
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLev
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegr
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinC
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMin
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSe
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictRe
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditRecei
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAll
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\allownull
sessionfallback
MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineId
MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnline
ID
em\Kerberos\Parameters\SupportedEncryptionTypes
NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
em\ShutdownWithoutLogon
MACHINE\System\CurrentControlSet\Control\Session
Manager\Memory Management\ClearPageFileAtShutdown
MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPoli
cy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtec
tion
MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminO
wner
Manager\Kernel\ObCaseInsensitive
Manager\ProtectionMode
Manager\SubSystems\optional
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifier
s\AuthenticodeEnabled
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Filt
erAdministratorToken
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorAdmin
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Co
nsentPromptBehaviorUser
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\En
ableInstallerDetection
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Val
idateAdminCodeSignatures
ableSecureUIAPaths
ableLUA
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Pro
mptOnSecureDesktop
ableVirtualization
ableUIADesktopToggle
Event Log security settings are not registry keys.
Restricted Groups policy settings are not registry keys.
System Services policy settings are not registry keys.
not a registry key
File System policy settings are not registry keys.
Help Text
Enforce password history

Maximum password
This security age
setting determines the number of unique new passwords that have to be associated with a user account before an old password can be reused. Th
Minimum
This password age
This security
policy enablessettingadministrators
determines thetoperiod enhance of time (in days)
security that a password
by ensuring can be used
that old passwords arebefore the system
not reused requires the user to change it. You can set password
continually.
than
Minimumthe maximum
password password
length age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days.
This security setting determines the period of time (in days) that a password must be used before the user can change it. You can set a value between 1 and 998
Default:
Note:security
Password
This It is amust
security
meetbest practicethe
complexity to least
have passwords
requirements expire every that30a to 90 days,for depending on yourmay environment. This way, an attacker has a limited
1 andamount of
The minimumsetting password determines
age must be lessnumber
than theofMaximum
characters password password
age, unless athe
user account
maximum contain.
password ageYouis setcan
to set a value
0, indicatingofthat
between
passwords 14 never
will charac
24
Storeon passwords
domain controllers.
using reversible encryption
Default:
This
0 42. setting
on security
stand-alone
Default: determines whether passwords must meet complexity requirements.
servers.
Configure the minimum password age to be more than 0 if you want Enforce password history to be effective. Without a minimum password age, users can cycle
Account
password
This lockout
when
security duration
the user
setting logs on.whether
determines If must
the password history
the operating is set
system to 0, the
stores user doesusing
passwords not have to choose
reversible a new password. For this reason, Enforce password histor
encryption.
If this
Note:
7 policy
By default,
on domain iscontrollers.
enabled,
member passwords
computers meet
follow thethe following
configuration minimum requirements:
of their domain controllers.
Account
To lockout
maintain the threshold
effectiveness of the password history, do not allow passwords to be changed immediately after
0 on stand-alone
This policy
Default:
This
Not containprovides
servers.
security setting supportdetermines
the user's account forname number that
applications of minutes
or parts of theuseuser's a locked-out
protocols account
that require
full name
remains locked
knowledge
that exceed
out before
of the user's
two consecutive password
characters forthey
automatically were just changed
becoming
authentication by Storing
unlocked.
purposes. also available
The enabling the Min
range
passwords usis
Reset
Be
This at account
least
security six lockout
characters
setting counter
in
determines after
length the number of failed logon attempts that causes a user account to be locked out. A locked-out account cannot be used until it is
Note:
If
1 an By default,
account
on policy
This domain member
lockout
iscontrollers.
required when computers
threshold using followthe
is defined, theaccount
Challenge-Handshakeconfiguration
lockout ofduration
their domain
Authentication must controllers.
be
Protocol greater
(CHAP) than or equal to the
authentication reset remote
through time. access or Internet Authentication Servic
Contain
Enforce characters
user logon from three
restrictions of the following four categories:
0 on security
This
Englishstand-alone
uppercase servers.
setting determines
characters (Athe number of minutes
through that must elapse afterbeen
a failed logon attempt before the failed logon attempt counter is reset to 0 badsave
logo
Failed
Default:
Default:
password
None,
Disabled.
attempts
because thisagainst
policy setting Z)
workstations
only hasor member
meaningservers when an that have
Account lockoutlocked using
threshold either CTRL+ALT+DELETE
is specified. or password-protected screen
English
Maximum
This lowercase
lifetime characters
for service (a through
ticket z)
If an security
Note:
Base By0. default,
account
Default:10 digits
setting
lockout determines
(0 memberthreshold
through 9) iswhether
computers defined, the
follow Kerberos
the
this V5must
configuration
reset time Keyofbe
Distribution
their thanCenter
lessdomain (KDC)
to thevalidates
orcontrollers.
equal Accounteverylockoutrequest
duration.for a session ticket against the user rights polic
Maximum
Non-alphabetic
This securitylifetime for user
characters ticket
(for example, !, $, #, %)
setting determines the maximum amount of time (in minutes) that a granted session ticket can be used to access a particular service. The setting m
Default:
Default: Enabled.
None, because this
Complexity requirements arepolicy
enforced setting
whenonly has meaning
passwords when an Account
are changed or created. lockout threshold is specified.
Maximum
This securitylifetime fordetermines
setting user ticket the renewal
maximum amount of timea(in hours) that
If a client presents an expired session ticket when it requests connection to aa user's
server,ticket-granting ticketan
the server returns (TGT)
errormay be used.
message. The client must request a new sess
servers.
Maximum
This Ongoing
securitytolerance operations
setting for computer
determines are not interrupted
clock
the if the
synchronization
period of time (in session
days) ticket
during that
which is
a used
user's to authenticate
ticket-granting the connection
ticket (TGT) expires
may be during the connection.
renewed.
Default: 10 hours.
Audit
Default:
This account
600
security logon events
minutes
setting (10 hours). the maximum time difference (in minutes) that Kerberos V5 tolerates between the time on the client clock and the time on the do
determines
Default: 7 days.
Audit
This accountsetting
security management determines whether
Enabled
To prevent on"replay
domainattacks," controllers. Kerberos V5 the
uses OS timeaudits
stamps eachastime partthis computer
of its protocolvalidates
definition. anFor account’s
time stamps credentials.
to work properly, the clocks of the client and the dom
Disabled
maximum
Auditsecurity on stand-alone
acceptable
directorysetting service servers.to Kerberos V5 between a client clock and domain controller clock. If the difference between a client clock and the domain contr
difference
access
This
Account logon events are generated whenever a computer validates the credentials of an account for which it is of
determines whether to audit each event of account management on a computer. Examples account management
authoritative. Domain members events include:
and non-domai
domain
Audit
Note:security
Important
This controller,
logon events
By default, setting may
member be
determines in support
computers whetherof a
follow logon
the the
OS to another
configuration
audits usercomputer.
of their domain
attempts Credential
to access validation
controllers.
Active is
Directory stateless
objects. so there
Audit is
is no
only corresponding
generated for logoff
objectsevent
that for
haveaccount
system logo
ac
A user account or group is created, changed, or deleted.
A
Audit
If user account
object
thisadministrator
policy is accessis
setting renamed,
isdetermines
defined, disabled,
the or enabled.
administrator can
This
This
The
A
security
setting
password
setting
is not
set persistent
can specifyonwhether
or changed.
whether
pre to the
Vista OS
platforms.
audit only Ifspecify
audits youeach
successes, whether
instance
configureonly this toofaudit
a user
setting
failures, only
bothand successes,
attempting
then restart
successes only
to and
log on
the failures,
to or toor
computer,
failures, both
log
tothis successes
off
not to this these
setting
audit andevents
computer.
reverts failures, or
allto
to theatdefault not
(i.e. audit these
value.
neither eve
successe
Audit
If
This you policy
define
security change
this policy
setting setting,
determines you can
whetherathespecify whether
OS audits to
user audit successes,
attempts audit failures,
to access non-Active or not
Directoryaudit the event type at all. Success audits generate an audit ent
Default:
Log
Default:
If off
Success Success.
events
5 minutes. are generated
auditing is box
enabled, whenever
an audit logged
entry on user
is generated account's
each time logon
any session
account is terminated.
successfully If thisobjects.
accesses policy Audit isisonly
setting
a Directory
generated
defined,
object thatthe
for objects that
hasadministrator
a matching SACL can have
specifysystem
whe
specified.
policy
Auditsecurity settings
privilegesetting check and clear the Success and Failure check boxes.
use determines whether the OS audits each instance of attempts to change user rights assignment policy, audit policy, account policy, or trust p
This
The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successe
Default:
If Failure Success.
auditing is enabled, an audit entry is generated each time any user unsuccessfully attempts to access a Directory object that has a matching SACL spe
Default:
Audit
This process
security tracking
setting determines whether to audit each instance only of a user exercising a user right.
The
If Success administratorauditingcan specify whether
is enabled, an audittoentryaudit isonly successes,
generated each timefailures, any account both successfully
successes and failures,aor
accesses to not audit these
non-Directory objectevents
that has at aallmatching
(i.e. neither
SACL successe
speci
Default:
Audit
Success
This system
securityon events
domain
setting controllers.
determines whether the OS audits process-related events such as process creation, process termination, handle duplication, and indirect ob
If Success
If you define this policy
auditing setting, an youaudit
can entry
specify whether to when
audit successes, audit failures, or not audit this type of event audit at all.policy,
Success audits generate an audit
NoFailure
If
Access
auditing on member
auditing
this computer isisenabled,
enabled,
from
servers.
the annetwork
audit entry isisgenerated
generated each time an any
attempted change
user unsuccessfully to user rights
attempts assignment
to access apolicy, non-Directory object or that
trust policy
has is successful.
a matching SACL
Success
This
If this on domain
securitysetting controllers.
settingisdetermines whether the OScan audits any of the following events:
To
Undefined
If setpolicy
Failure this forvalue toisNo
a member
defined,
auditing,
computer.
the
in administrator
the Properties dialogspecifybox whether to audit
for thisattempted
policy only successes,
setting, select only failures,
the rights
Define these policyboth successes
settings and box
check failures, clear
policy, orand
or to not
theisaudit
Successtheseandeve
byF
Note
This that auditing
user you
right can setenabled,
determines a SACL which
an
onaudit
a fileentry
users system is generated
object using whenthe anSecurity tabtoinchange to user
thatcomputer
object's Properties assignment
dialog box. policy, audit trust policy attempted
•If Attemptedsetting is used by
system time Credential
change Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credu
and groups are allowed to connect the over the network. Remote Desktop Services are not affected by this
Success
Default: Noauditing
auditing. is enabled, an audit entry is generated each time the OS performs one of these process-related activities.
•Default:
Act Attempted
Default: as part No of security
the operating
auditing. systemsystem startup or shutdown
Note:
•If Attempt Remoteto loadDesktop
extensible Services was calledcomponents
authentication Terminal Services in previous versions of Windows Server.
Failure
Audits auditing
areon not is
generated enabled, for use an audit theentry
of impersonate is generated
following useruser each
rights, timeif the
even successOS fails to perform
audits one of these activities.for Audit privilege use. Enabling auditing of thes
Add
•Success
ThisLossworkstations
userof domain
audited
right allowsto domain
events controllers.
due
a process to auditing
to system failure
any without authentication. Theorprocess
failure audits are specified
can therefore gain access to the same local resources as that user
Default
•No Security on
auditing workstations
logonsizemember exceeding and
servers.servers:
a configurable warning threshold level.
Default:
Adjust
Bypass
Administrators
This security No
memory auditing
traverse quotas
checking
setting for
determinesa processwhich groups
Processes that require this privilege should useorthe users can add workstations
LocalSystem account, which to a already
domain.includes this privilege, rather than using a separate user account with th
Debug
Backup programs
If
2000
Allow
This orlogOperators
thisprivilege
policyon setting
Windows locally NT
determines is 4.0,
defined, the administrator
you might
who can need to
change theassigncan this
maximum specify whether
privilege
memory tothat
usetocan
audit only
applications
be successes,
consumed that by a only
exchangeprocess.failures,
passwords bothinsuccesses
plaintext. and failures, or to not audit these eve
Create
Users
This a token
security objectis valid only on domain controllers. By default, any authenticated user
setting has this right and can create up to 10 computer accounts in the doma
Replace
Everyone
Allow
If Success logprocess
on through
auditing level token Desktop
isRemote
enabled, an audit Services
entry is generatedlog each
Caution
This
This logon
user right
right isdetermines
defined which
in the users
Default can interactively
Domain on time
to this the OS performs
computer. Logons oneinitiated
ofthe
these byactivities
pressing successfully.
CTRL+ALT+DEL sequence on the attached keybo
Generate
Adding
group this
security
a computer
right.
audits
account to the domain allowsController
the computer Group toPolicy
participateobject in(GPO)
Active and in
Directoryûbased local security policy
networking. of workstations
For example, adding and servers.
a workstation to a doma
Back
Default
This
If up
Failure files
onauditing
security and
domain directories
useriscontrollers:
setting determines
enabled, anawhich
audit users
entry isorgenerated
groups have permission totolog on asusers.
a Remote
fails toDesktop
perform Services client.
Assigning
Note:
Restore This
Administrators
Default:
this
filesprivilege right
is
and directories
Authenticated
can be
useful
Users for security
on system
domain
risk.
tuning, Only
controllers. can each
but it assign bethis time
userthe
misused, OS
right
for attempts
trusted
example, inand
a denial-of-service one of these
attack. activities.
Default
Bypass
This on workstations
traverse
user rightUsers checking and servers: Administrators
determines which users can bypass file and directory, registry, and other persistent object permissions for the purposes of backing up the system
Authenticated
Default:
Default:
Backup None.
Operators
Default:
Caution
Enterprise
Note: Administrators
Users Domain
who haveControllers
the Create Computer Objects directory
permission on even
the Active Directory computers container can also
Change
Users.
This
Local user the
Service
Specifically,
system
right
this determines
user
time
right is which
similarusers can traverse
to granting the following trees
permissions though
to the userthe user may in
or group notquestion
have permissions
on oncreate
the computer
traversed accountsThis
on thedirectory.
in the domain.
privilege doT
Everyone
as
On the owner
workstation
Success on of and
domain the computer
servers:
controllers. account,
Administrators,while Remote
computer accounts
Desktop that are created
Users. by means of permissions onallthefiles and
computers folderscontainer system:
have the creator as the o
Network
Change
Incorrectly
Pre-Windows Service.
the Time
editing Zone
the registry may severely damagecan your system. Before making changes to the clock
registry, youcomputer.
should back up any
that valued data on the computer.
On
This
No
This domain
user
auditing
Default user on2000
controllers:
right
right member
onFolder/Execute
domain is
Compatible
determines
defined Administrators.
which
servers.
controllers:
in
Access
users
theAccount
Default and groups
Operators
Domain Controller change
Groupthe timeobject
Policy and date
(GPO)on theandinternal
in the local of the
security Users
policy of workstations areandassigned
servers.this user right ca
Traverse File
Administrators
Create
List a pagefile
Folder/Read
This user
Important
This
Backup
Default user right
right
Operators
on is Data
determines
definedand
workstations inwhich
the users Domain
Default
servers:
and groups can change
Controller Groupthe timeobject
Policy zone used (GPO) byand
the incomputer
the localfor displaying
security policy theoflocal time, which
workstations andisservers.
the computer's system
Read
Create Attributes
a token object
Print
Read Operators
Administrators
This user
user right is
Extended determines inwhich users Domain
and groups can callGroup an internal application programming interface (API)policy
to create and change the size of a page file. This
This
This
Default
Server
Backup setting
on doesAttributes
right defined
workstations
Operators.
Operators not have and the
any Default
effect
servers: on Windows Controller
2000 computers Policy
that haveobjectnot (GPO)
beenand in thetolocal
updated security
Service Pack 2. of the workstations and servers.
Read
Create Permissions
global
Administrators
This security objectsdetermines which accounts can be used by processes to create a token that can then be used to get access to any local resources when th
setting
Users
For information
Default: about how
Administrators, to specify a paging file size for a given drive, see To change the size of the virtual memory paging file.
Users
Local
Everyone
Create Service
permanent shared objectswhether users can create global objects that are available to all sessions. Users can still create objects that are specific to their
Caution
This security
This user setting determines
right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local Syste
Local
Default: Service
Administrators.
Default
Create
Network
This user on domain
Symbolic
Service
right controllers:
Links
determines which
Assigning
Caution
Administrators
Caution this user right can be aaccounts
security risk.can Since
be used thereby processes
is no way to to be
create
sureathat directory
a userobject usingup
is backing the object
data, manager.
stealing data, or copying data to be distributed, on
Debug
Server
This user programs
Operators
privilege determines if the user canoperating
create a system
symbolic linkisfrom thetocomputer he iscomponents
logged on to.
Default
This
Default on
onrightdomain is used
workstations controllers:
internally
and by the thisand useful kernel-mode that extend the object namespace. Because components tha
Assigning
Local Service
Assigning
Administrators
Denyuser access
this
this user
touser
right
thisright
computercan servers:
can be a
befrom Administrators
a security
security
the network
risk.
risk. Assign
Do not assign user right
this user only
rightto to
trusted users.
any user, group, or process that you do not want to take over the system.
Backup
This Operators.
right
None determines which users can attach a debugger to any process or to the kernel. Developers who are debugging their own applications do not need
Default:
Authenticated
Default: Administrator
None.Users
Default:
Deny log on as a batch job
Everyone
This
Default security
on domain settingcontrollers:Administrators
determines which users are prevented from accessing a computer over the network. This policy setting supersedes the Access this comput
Caution
WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that arenÆt designed to handle
Local
Backup Service
AdministratorsOperators
Deny
This log
security on as a service
setting determines which accounts are prevented from being able to log on as a batch job. This policy setting supersedes the Log on as a batch job
Network
Default:
ServerService
Local Service
Guest
Operators
Assigning
Note this user right can be a security risk. Only assign this user right to trusted users.
Pre-Windows
Network Service 2000 Compatible Access
This
This security
Default:settingNone. setting
can be used determines which service
in conjunction a symlink accounts
filesystem are prevented
setting thatfrom can registering
be manipulated a processwith the as command
a service. This policytosetting
line utility controlsupersedes
the kinds ofthe Log onthat
symlinks as aare
se
Service Administrators
Default:
Note: This security setting does not apply to the System, Local Service, or Network Service accounts.
Default: None.
Deny log on locally
Deny log on through
This security Remote Desktop
setting determines which Services
users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting
Enable
This computer
security settinganddetermines
user accounts which to users
be trusted for delegation
and groups are prohibited from logging on as a Remote Desktop Services client.
Important
Force
This shutdown
security from a remote system
setting determines which users can set the Trusted for Delegation setting on a user or computer object.
Default:
If you apply None. this security policy to the Everyone group, no one will be able to log on locally.
Generate
This usersecuritysecurity
setting audits
determines
The
Important or object that is grantedwhich users are
this privilege allowed
must havetowriteshutaccess
down atocomputer
the account from a remote
control flagslocation on the
on the user ornetwork.
computerMisuse
object.ofAthis userprocess
server right can result on
running in a
Default:
flag set.
Impersonate None. a client after authentication
This user
This securityrightsetting
is defineddetermines which accounts
in the Default can be used
Domain Controller by aPolicy
Group process to add
object entries
(GPO) andto inthe
thesecurity log. The
local security security
policy log is usedand
of workstations to trace unauthorized syste
servers.
This
policy
Increase setting
setting does notworking
is enabled. haveFor any effect
more on Windows
information see2000
Audit:computers
Shut downthat have immediately
system not been updatedif unable to Service Pack 2.audits
to log security
This
Assigninguserarightprocess
this is defined
privilege set
toina the
user Default
allowsDomainprograms Controller
running Groupon behalfPolicy object
of that user (GPO) and in the alocal
to impersonate security
client. policythis
Requiring of user
workstations
right for and servers.
this kind of impersonation pr
Default:
permissions toService
administrative or system levels.
Default:
Increase
This Local
scheduling priority
privilege determines which user accounts can increase or decrease the size of a process’s working set.
Caution
Network Service.
On
Caution
Load workstations
Increase andaunload
process and servers:
working
device set
drivers Administrators.
This
On security
domain setting
controllers: determines which accounts
Administrators, Server can use a process with Write Property access to another process to increase the execution priority assigned to
Operators.
Misuse of this user right, or of the Trusted for Delegation setting, could make the network vulnerable to sophisticated attacks using Trojan horse programs that im
This
Lock
Assigningprivilege
pages in
this
This userAdministrators.determines
memory
user right which
can be user
a accounts
security
right determines which users can dynamically risk. can
Only increase
assign or
loadthisanddecrease
user the
rightdevice
unload sizedrivers
to trustedof users.
a process’s
or other code working in toset.
kernel mode. This user right does not apply to Plug an
Default:
Default: Administrators on domain controllers.
Log
Default:
This on as a batch
Users
security setting jobdetermines which accounts can use a process to keep data in physical memory, which prevents the system from paging the data to virtual m
Default:
Caution
Log
This on as a service
security setting allows a user tosetbeoflogged on by means of a batch-queue facility andinisphysical
provided onlymemory.
for compatibility with olderresident
versionsandof Windows.
The
Default:working
Administrators
Assigning thisset
None. of aright
user processcan be is the
a security memory
risk. Do pages
not assigncurrently visible
this user to to
right theanyprocess
user, group, RAM
or process that you These
do not pages
want toaretake over the available for an
system.
Log
Local
This on locally
Servicesetting
security allows a security principal to log on as a service. Services canscheduler
be configured to run under thea Local System, Local Service, or Networkuser.
Serv
For
Warning:example, when
Increasing a user
the and submits
working a job by means of the task scheduler, the task logs that
set size for a process decreases the amount of physical memory available to the rest of the system. user on as batch user rather than as an interactive
Networkon
Default Service
workstations servers:
Manage auditing
Determines which anduserssecurity
can logon toAdministrators.
log the computer.
Service setting: None.
Default
Default
Modify
Default:
This on
an domain
object
Administrators
security controllers:
label
setting determines which users can specify object access auditing options for individual resources, such as files, Active Directory objects, and regis
Important
Note: ByOperators.
Administrators default, services that are started by the Service Control Manager have the built-in Service group added to their access tokens. Component Object Mod
Backup
Modify firmware environment values
Print
This Operators
This privilege
security determines
setting does which
not allowusera accounts can modify
user to enable file and the integrity
object labelauditing
access of objects, such asFor
in For
general. files, registry
such keys,
auditing or
beprocesses
toabout enabled, owned
the Audit by otheraccess
users. setting
Processe
Modifying
In addition,this setting
a user canmay alsoaffect compatibility
impersonate with clients,
an access token ifservices,
any of the and applications.
following conditions compatibility
exist. information this setting, see object
Allow log on locally in
(htt
Perform
This security volume maintenance tasks
setting determines who can modify firmware environment values. Firmware environment variables are settings stored in the nonvolatile RAM of non
Default:
You None
can view audited events in the security log of the Event Viewer. A user with this privilege can also view and clear the security log.
Default:
The
Profile access
singletokenprocessthat is being impersonated is for this user.
This
On security
x86-based setting
computers,determinesthe onlywhich
firmwareusers environment
and groups can valuerunthat
maintenance
can bethe tasks by
modified on assigning
a volume, suchuser as remote defragmentation.
The user, in this logon session, created the access token by logging on to network with explicitthis credentials.right is the Last Known Good Configuration setting, w
Default:
•Profile
On On Administrators.
workstations
Itanium-based
systemsetting and
performance servers:
computers, Administrators,
boot information Backup
is stored Operators,
in Power
nonvolatile RAM. Users,
Users Users,
must and
be Guest.
assigned this user right to run bootcfg.exe and to change the Default
The requested
This security level is less than Impersonate,
determines which users such
can use asperformance
Anonymous monitoring
or Identify. tools to monitor the performance of nonsystem processes.
•Use
On
Because
caution
Onall
domain
computers,when
of these
assigning
controllers:
this user
factors,
this is
Account
right
users
user
do
right. Users
Operators,
required
not usually
withor this
toAdministrators,
install
need this
user right
userBackup
upgrade can exploreand
Operators,
Windows.
right.
disks andOperators.
Print extend files in to memory that contains other data. When the extende
Remove
This computer
security settingfrom docking which
determines stationusers can use performance monitoring tools to monitor the performance of system processes.
Default:
Default: Administrators,
Administrators Power users.
Note:
For This
more
Replace security
information,
a process setting
search doesfor not affect who can modify the
"SeImpersonatePrivilege" system
in the environment
Microsoft Platformvariables
SDK. and user environment variables that are displayed on the Advanced
This security
Default: settinglevel
Administrators.
token whether
determines a user can undock a portable computer from its docking station without logging on.
Default:
Restore
Warning
This Administrators.
files and directories
If thissecurity
policy issetting
enabled, determines
the user which
must log user
onaccounts can call the
before removing the CreateProcessAsUser()
portable computer from its application
docking station.programming interface
If this policy (API) so the
is disabled, thatuser
one may
service can start
remove the p
Shut
This
If you down
security
enable thesetting
system
this determines
setting, programs which that users can
previously bypass
had thefile, directory,
Impersonate registry,
privilege and
may other
lose persistent
it, and objects
they may permissions
not run. when restoring backed up files and dire
Default:
Default: Network
Administrators,Service, LocalUsers,
Power Service. Users
Synchronize
This securitythis directory
setting service data
Specifically, userdetermines
right is similar which users who
to granting theare logged permissions
following on locally to to thethecomputer can shut
user or group down theon
in question operating system
all files and using
folders onthe
theShut Down command. Mis
system:
Take
This ownership
security of files
setting or other objects
determines which users and Operators,
groups have the authority to synchronize all directory service data. This is also known as Active Directory sync
Default
Traverse onFolder/Execute
Workstations: Administrators,
File Backup Users.
Accounts:
Write
This securityAdministrator
setting accountwhich
determines statususers can take ownership of any securable object in the system, including Active Directory objects, files and folders, print
Defaults:
Default onNone.
Servers: Administrators, Backup Operators.
Accounts:
This securityBlock Microsoft
setting accounts
determines whether the local Administrator account is enabled or disabled.
Caution
Default
Accounts: on Guest
Domain controllers:
account statusAdministrators, Backup Operators, Server Operators, Print Operators.
This
Notes policy setting prevents users from adding new Microsoft accounts on this computer.
Assigning this user right can be a security risk. Since owners users with this user
of objects rightfull
have can overwrite
control registry
of them, onlysettings,
assign thishideuser
data, andtogain
right ownership
trusted users. of system objects, o
Accounts:
This securityLimit localdetermines
setting account useif oftheblank
Guest passwords toenabled
consoleorlogon
account isoption, only
disabled.
If
If you select the “Users
you tryAdministrators. can’t add Microsoft accounts” users will not be able to create ne Microsoft accounts on
to reenable the Administrator account after it has been disabled, and if the current Administrator password does not meet the password this computer, switch a local account to ay
requirements,
Default:
Accounts: Rename administrator account
Disabling
This
Default: the
security Administrator
setting
Disabled. account
determines can
whether become
local a maintenance
accounts that are issue
not under
password certain circumstances.
protected can be used to log on from locations other than the physical computer c
If you select the “Users can’t add or log on with Microsoft accounts” option, existing Microsoft account users will not be able to log on to Windows. Selecting this
Workstations
Accounts: and
Rename servers:
guest Administrators,
account Backup Operators.
This
Under security
Safe setting
Mode determines
boot, whether
theisdisabled a differentaccount
Administrator accountwill
name
onlyisbe
associated ifwith
the the
enabledSharing security
machine identifier (SID)
is non-domain for the account Administrator. Renaming the we
Default:
Domain
Note:
If you If
Enabled.
controllers:
the
disable Guest
oraccessAdministrators,
doaccount
not thisBackup
disabled
configure and the
policy Operators, Serverusers
security option
(recommended), Operators.
NetworkwillAccess: and Security
be able to use Microsoft Model
accounts forjoined
with local and
Windows.
there is
accounts are
setnotoother
Guestlocal active
Only, administr
network logon
Audit:
This Audit
security the of global system objects
setting determines whether a different account name is associated with the security identifier (SID) for the account "Guest." Renaming the well-kno
Default:
Default: Administrator.
Disabled.
Audit:
Warning:
This Audit the
security use of
setting Backup and
determines Restore
whether privilege
to audit the access of global system objects.
Default: Guest.
Audit:
This Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings.
If thissecurity
Computers policythat issetting
are not
enabled, determines
in physically
it causes whether
secure
system to audit the
locations
objects, such use asofmutexes,
should allalways
user privileges,
enforcesemaphores
events, including
strong Backup
passwordand DOS anddevices,
policies Restore,
for all to when
local
be usertheaccounts.
created Audit
withprivilege use
Otherwise,
a default policy
system anyoneis inwith
access effect. Ena
physica
control lis
If you
Audit: Shut
Windows apply this
down
Vista security
and system
later policy
versions to
immediately the
of Everyone
if unableallow
Windows group,
to logaudit no one
security
policy will
audits
to be
be able
managed to log on
in a through
more Remote
precise Desktop
way using Services.
audit policy subcategories. Setting audit policy at th
If you When
Note: disableconfiguring
this policy,this thensecurity
use of the Backup or Restore
will notprivilege is not audited even Windows.
when Audit privilege use is enabled.
the
DCOM: domain or upgraded
Machine Access to Windows setting,
Restrictions Vista or changes
in Security laterDescriptor
versions. Totake allow
Definition
effect until
audit you restart
policy to be managed using subcategories without requiring a change to Group Policy
Notessecurity
This setting determines whether the system shuts down if it is Language
unable to log (SDDL) syntax
security events.
Note:
Default: On Windows
Disabled. versions prior to Windows Vista configuring this security setting, changes will not take effect until you restart Windows. Enabling this setting c
If thepolicy
DCOM:
This category
Machine
setting level
Launchaudit Restrictions
determines policywhichset here is or
notgroups
in Security
users consistent
Descriptor
can with the events
Definition
access that are(SDDL)
Language currently being
syntax generated, the cause mighttobe that this
the registry key is set.
This
If thissetting
security does not
setting affect logonsit that
is enabled, causes usethedomain
system accounts.
to stop if a DCOM
securityapplication
audit cannot remotely
be logged or locally.
for anyThisreason. setting is used
Typically, an control
event fails attack
to surface
be logged of the
when theco
Default:
It is possible
Devices: Disabled.
Allow for applications
undock that
withoutwhich use
havingusersremote
to logoron interactive logons to bypass this setting.
Default:
This
You policyDisabled
setting determines groups can launch or activate DCOM applications remotely or locally. This setting is used to control the attack surf
If thecan use this
security log policy
is full andsetting to specify
an existing access
entry cannotpermissions
be overwritten, to all the andcomputers
this security to particular users forthe
option is enabled, DCOM applications
following Stop error in the enterprise. When you specify
appears:
is
Thisdefined
Devices:
Note: security in the
Allowed
Remote template,
setting to format
Desktop but
andit eject
Services
determines iswhether
notremovable
was enforced.
called
a Users
media
Terminal
portable and groups
Services
computer canundocked
in previous
can be be given
versions explicit Allow
of Windows
without having ortoServer.
Deny
log privileges
on. If this on both
policy is local access
enabled, logon and
is notremote access.
required and an exa
You can use this setting to grant access to all the computers to users of DCOM applications. When you define this setting, and specify the users or groups that
STOP:
but it
Devices: is C0000244
not enforced.
Prevent {Audit
users Users Failed}
from and groups
installing can
printer be given
drivers explicit
when Allow
connecting or Deny
to sharedprivileges
printers on local launch, remote launch, local activation, and remote activation.
The
This registry
security
An attempt
Default: tosettings
Enabled. setting
generate thata are
determines created
security who
auditasfailed.
is a resultto
allowed offormat
enabling andthe ejectDCOM: Machine
removable NTFS Accessmedia.Restrictions in Security
This capability can be Descriptor
given to: Definition Language (SDDL) syntax
entries
To recover,take precedence
an administrator over the existing
must log on, registry
archive keyslog
the under OLE. This
(optional), clear means
the log,that
and previously
reset this existing
option registry
as desired. settings
Until are security
no longer effective, and ifnoyou make
Devices:
The aregistry
For Restrict
computer
Administrators settings CD-ROM
to print thattoare access
created
a shared to locally
as a result
printer, logged-on
of this
the driver user
forpolicy only
take precedence
that shared printer must over
be the previous
installed registry
on the local settings
computer. Thisthis
in this area. Remote
security setting is reset,
Procedure
setting determines Callwhousers,
Services oth
is allow(
Caution
as part of connecting to a shared printer.
The possible
Administrators
Devices:
Note:
This On Restrict
Windows
security values
and
setting floppyfor
versions this
Interactive
access
determines policy
Users
priorto setting
locally
to Windows
whether a are:
logged-on
Vista
CD-ROM user only thistosecurity
configuring
is accessible both setting,
local and changes
remote will
users not take effect
simultaneously. until you restart Windows.
The possible values for this Group Policy setting are:
Disabling
Default
Devices: on this policydriver
servers:
Unsigned may tempt
Enabled. usersbehavior
installation to try and physically remove the laptop from its docking station using methods other than the external hardware eject butto
ò Blank.
Default:
This
Default:
If this This
This
security
Disabled.
policy represents
ispolicy
setting
enabled, the
isdetermines
not localwhether
defined
itDisabled
allows security
and only policy wayfloppy
Administrators
removable of deleting
have
media the
thisare policy
ability.
accessibleenforcement
to both key.
local This
and value
remote deletes
users the policyisand
simultaneously. then sets
and it as Notisdefined state. T
ò Blank.
Default This
on represents
workstations: the localonly the
security interactively
policy way of logged-on
deleting user to
the policy access removable
enforcement key.CD-ROM
This value media.
deletes If this
thepolicy
policy and enabled
then sets itnotoone loggedstate.
Not defined on inteT
Domain
This controller:
security setting Allow server
determines operators
what happensto schedule
when antasks
attempt is made to install a deviceand driver (by means of policy
Setupwhen API) thatenable
has
ò SDDL.
If this
Default: Thisispolicy
policy isenabled,
the Security Descriptor
it allows only
andthe Definition
interactivelyLanguage is notrepresentation
logged-on user to to
access of locally
the groups
removable privileges
floppy media. you
If thisspecify is you
enabled andnot been
this
no one tested
policy.
is logged by on
theinterac
Windo
ò SDDL.This This is the is not
Security defined
Descriptor CD-ROM
Definition access
Language restricted
representation theof the groups logged-on user.
and privileges you specify when you enable this policy.
Domain
This controller:
securityare: LDAP server signing requirements
setting determines if Server Operators are allowed to submit jobs by means of the AT schedule facility.
Notes
The
ò Notoptions
Default: Defined.
This policy This is is not
the defined
default value.
and floppy disk drive access is not restricted to the locally logged-on user.
ò Not Defined. This is the default value.
This
Note: security
This settingsetting
security determines whether theATaLDAP server requires signing to be thenegotiated with LDAP clients, as follows:
This
Note setting
Silently succeeddoes not affect the ability tothe
only affects add schedule
local printer. facility; it does not affect Task Scheduler facility.
Default:
Note
This This policy is not defined, which means that the system treats it as disabled.
If thesetting
Warn
None: but
Data does
allow
administrator
signing not isaffect
installation
is denied Administrators.
permission
not required in order to to
access DCOM
bind with the applications
server. If thedue client to the changes
requests datamade to DCOM
signing, the server in Windows,
supportsthe it. administrator can use the DCOM: M
If
Do thenotadministrator
computer allow
both installation
locally is denied access to using
and remotely activatethisand launch DCOM applications due to the changes made to to DCOM in this version and of Windows,
To do this
this,policy
open setting
Require signature: Unless TLS\SSLby is being used, setting.
the LDAP This will restore
data signingcontrol
option of mustthe DCOM
be application
negotiated. the administrator users. the DC
Machine
Default:
setting and Launch
Warn sets but Restrictions
theallow in
installation.
appropriate Security
SDDL value. Descriptor Definition Language (SDDL) syntax policy setting. This restores control of the DCOM application to the admi
permissions for those groups. This defines the setting and sets the appropriate SDDL value.
Default: This policy is not defined, which has the same effect as None.
Domain controller: Refuse machine account password changes
Domain member:
This security Digitally
setting encrypt
determines or signdomain
whether secure controllers
channel datawill(always)
refuse requests from member computers to change computer account passwords. By default, m
Domain
This member: Digitally encrypt secureall channel
securedata (when possible)
If it issecurity
enabled, setting determines
this setting does not whether
allow a domain channel
controllertraffic initiated
to accept anyby the domain
changes member must
to a computer be signed
account's password.or encrypted.
Domain
This member:
security Digitally
setting determines sign secure
whether channel
a domaindata (when
member possible)
attempts tothat,
negotiate
When
Default: a This
computer policyjoins a domain,
is not defined, a computer
which means account
that theissystem created. After
treats whenencryption
it as Disabled. the systemfor all secure
starts, it useschannel
the computertraffic that it initiates.
account password to create a secure c
Domain
This securitymember: Disable
setting machine
determines account
whether password
a domain member changes attempts tothat,
negotiate signing for all secure channel traffic that account
it initiates.
When a computer joins a domain, a computer account is created. After when
This setting determines whether or not all secure channel traffic initiated by the domain member meets minimum security requirements. the system starts, it uses the computer password to create
Specifically a secure c
it determine
Domain
negotiated.
Determines member:
If this
whether Maximum
policy is
a domain machine
disabled,
member account
then password
encryption
periodically and
changes age
signing of all
its computer secure channel
account traffic
password. is negotiated
Ifstarts,
this setting with
isthethe
enabled, Domain Controller
the account
domain member in which doescase the level
not attempt of
to si
cc
When
This a computer
setting joins
determines awhether
domain, oranotcomputer
the domain account member is created.
attempts After to that, whenencryption
negotiate the systemfor it useschannel
all secure computer
traffic that password
it initiates. to create
If enabled, theadomain
secure m
default
Domain is every
member: 30 days.
Require strong (Windows 2000 or then
later) session key
channel
This
Domain will
security
member:be encrypted.
setting If
determines
Digitally this
encrypt setting
how often
secure is disabled,
a domain
channel data member the
(when domain
will member
attempt
possible) to will
change not attempt
its computer to negotiate
account secure
password. channel encryption.
This setting determines whether or not the domain member attempts to negotiate signing for all secure channel traffic that it initiates. If enabled, the domain mem
Domain
Default:
Interactive
This member:
Disabled.
security logon: Digitally
Do
setting sign secure
not display
determines last user
whether channel
namedata
128-bit key (when
strength possible)
is required for encrypted secure channel data.
Default:
This securityEnabled.
30 days.
setting determines whether the name of the last user to log on to the computer is displayed in the Windows logon screen.
Default:
Interactive Enabled.
Logon: Display user information when session is locked
Default:
Notes
If
When Enabled.
this policy
a computeris enabled,
joins athe name of
domain, the last user
a computer to successfully
account is created.log Afteron that,
is notwhen
displayed in the starts,
the system Logon itScreen.
uses the “. computer account password to create a secure c
Important
Notes:
Interactive logon: Do not require CTRL+ALT+DEL
Notes:
This
If thissecurity
Dependingpolicyon issetting
disabled,
what shouldthe not
version name
of be of
Windows enabled.
the islastComputer
user toonlog account
ondomain passwords
is displayed. are
thatused to establish secure channel communications between members and domain
There
This
This is no known
setting applies reason
to for
Windows disabling
2000 thisrunning
setting.
computers, but itthe
Besides isdual-boot controller
notunnecessarily
available reducing
through theSecurity
the domain
usethe
member
potential
Configuration is communicating
confidentiality
Manager level of with
Iftoolsthe and
onsecure
these the settings
channel,
computers. of the parameters:
disabling this setting
If thesetting
Interactive
This security should
policylogon:
Domain
setting not
Machine be used
member:
determinesaccount in an
Digitally
whether attempt
threshold.
encrypt toorsupport
pressing sign secure
CTRL+ALT+DEL channelscenarios
is data
required that
(always)
before isthe same
enabled,
a user cancomputer
then
log this account.
on. policy you
is assumed want to dual-boot
to be two
enabled regardless installations that a
of its curren
If
Thethis
Default:
Domain policy
machine is
Disabled.
controllers
member: enabled,
lockout are
Digitally the
policy
also policy
is
domain
encrypt Domain
enforced
or only
members
sign member:
onand
secure those Digitally
machines
establish
channel datasign
secure secure
thatchannels
(always) channel
have Bitlocker with data
other (when
enabled possible)
for protecting
domain controllersis assumed
OSin volumes.
the sameto be enabled
Please ensure
domain as regardless
well that
as of its
appropriate
domain current setting
recovery
controllers in t
Note: Domain
Interactive
If this policy is controllers
logon: Machine
enabled, theare also Domain
inactivity
policy domain
limit. members
member:data and establish
Digitally securechannel
channels with(when
other possible)
domain controllers in to
thebesame domain as well of asits domain
currentcontrolle
Domain
If member:
this policy Digitally
is enabled on a encrypt
computer, secure channel
a user is not required (whensign secure
topossible)
data is assumed
press CTRL+ALT+DEL to log on. Not having to press CTRL+ALT+DEL leaves users susceptible
enabled regardless setting
Logon
This
Some information
security
or all ofsetting transmitted
determines
theinactivity
information over the
theisusers
numbersecure of channel
failed logon is secure
always
attempts encrypted
that causes regardless
the machineof whether
to be encryption
locked out.ofdetermines
AALL other
locked secure
out machine channel
or can traffic
only beisrecovered
negotiatedbyis orp
Interactive
Windows logon:
notices Message of athat
text for
logon transmitted
attempting
session, and overif tothe
the log on
amount channel
of inactive will be exceeds
time encrypted. theThis policy
inactivity setting
limit, then the screen whether
saver will not
run,128-bit
lockingkey thestrength
session.
If this policy is disabled, any user is required to press CTRL+ALT+DEL before logging on to Windows (unless they are using a smart card for Windows logon).
Failed password
Interactive
If thissecurity
This setting logon:
is attempts
Message
enabled,
setting against
then
specifies title
a for
the workstations
users
secure
text message channel orwill
attempting
that member
is to not logbeon
displayed servers
establishedthat when
to users have
unless been locked
128-bit
they log using either
encryption
on. can CTRL+ALT+DELETE
be performed. If this setting or password protected
is disabled, then thescreenkey save
stren
Default: not enforced.
Default on domain-computers:
Interactive logon: Number of Disabled.
previous logons to cache (in case domain controller is not available)
The
This machine
Default:
This
Default security
Disabled.
texton lockout
setting
is stand-alone
often used policy
allows
for is enforced
the
legal
computers: specification
reasons, only
Enabled. on
of athose
for example,title to machines
to appear
warn usersinthat have
theabout Bitlocker
title bar
theof the enabled
window of
ramifications formisusing
that protecting
contains OSInteractive
the
company volumes. Please ensure
to warnthat
logon:orMessage
information text
them thefor
appropriate
that users recov
their attempting
actions m
Interactive
All previous logon:
users'Prompt user to change
logon information password
is cached before
locally expiration
so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are abl
Default:
Important
Default: No
No message.
message.
Interactive
Determines logon:
how far Require Domain
in advance Controller
(in days) authentication
users are thatunlock
to
Windows cannot connect to a server to confirm yourwarned
logon settings. theirYoupassword
have beenis about to expire.
logged With
on using this advance
previously warning,
stored accountthe user has time
information. to changed
If you constructyour
a paa
In order
Interactive to take advantage
logon: Require of this
smart cardto unlock a locked computer.and
policy on member workstations servers, all domain controllers that constitute the member's domain must be running Windo
Logon
In information must be provided For domain accounts, this security setting determines whether a domain controller must be co
If aorder
Default:
domainto take
14 days. advantage
controller of this policy
is unavailable and on domain
a user's controllers,
logon informationall domain controllers
is not cached, the in theissame
user domain
prompted withasthis
wellmessage:
as all trusted domains must run Windows 2000
Interactive
This logon:
security Smart card removal behavior
setting requires users to log on to a computer using a smart card.
Default: Disabled.
The system
Microsoft cannotclient:
network log you on now
Digitally because
sign the domain(always)
communications <DOMAIN_NAME> is not available.
This
The securityare:
options setting determines what happens when the smart card for a logged-on user is removed from the smart card reader.
Important
In
Thisthissecurity
Microsoft policy setting,
network
setting a value
client: of 0whether
Digitally
determines disables logon caching.
sign communications
packet signing(ifisAny
servervalue
required above
agrees)
by 50 only
the SMB caches
client 50 logon attempts.
component.
The options
Enabled: are:
Users can toonly log on to the computers,
computer using aissmart card. through the Security Configuration Manager tools on these computers.
This setting
Microsoft applies Windows 2000 but it not available
Default:
Disabled.
This
The 25network
Users
security settingclient:
can log Send
on unencrypted
to the
determines computer
whether the password
using
SMB any to attempts
connect to
themethod.
client to third-party
negotiate SMB packet
file SMB
serverssigning.
ò Noserver
Default:Action message
Disabled.
block (SMB) protocol provides basis for Microsoft and print sharing and many other networking operations, such as remote Window
further
Microsoft
ò
If Lock
this communication
network
Workstation
security server:
setting iswith an
Amount
enabled, SMB of
the server
idle
Server is
time permitted.
required
Message before
Block suspending
(SMB) a
redirector session
is allowed to send and
plaintext
The server message block (SMB) protocol provides the basis for Microsoft file and print sharing manypasswords to non-Microsoft
other networking operations,SMB
suchservers that do
as remote not s
Window
ò Force
Important
SMB
Microsoft Logoff
packet signing
network when
server: it connects
Attempt to
S4U2Self an SMB
to server.
obtain claim information
If
ò this
This setting
security
Disconnect
Sending is enabled,
setting
if a
unencrypted the
determines
Remote Microsoft
Desktop
passwords the network
aamount
isServices
security client will not
ofrisk.
continuous
session communicate
idle time that must with a Microsoft
pass network
in a Server server
Message unless
Block that session
(SMB) server agrees
before to
theperform
sessionSMB packet sign
is suspended d
Microsoft
This
If thissetting
settingnetwork
will
is server:
apply
enabled, istoto anyDigitally
the computers
Microsoft signnetwork
communications
running Windows
client will (always)
2000
ask of the through
serverprior changes
to inSMBthe registry, butIf the security setting is notthe viewable through thebeenSecurity Cono
Default:
If yoube
Default:
security
AdministratorsDisabled.
click Lock
Disabled.
setting
can use
Workstation thissupport
policy
in the
clients
toProperties
controlrunning
when a aversion
dialog computer
box fortothis
Windows
suspends
policy, anperform
the
to Windows
inactive
workstation SMB packet
8 Consumer
isifsession.
locked
signing
when client upon
Preview
the
session
activity
smart
that aresetup.
resumes,
card
trying
is removed,
Iftopacket
access
session signing
aisfile
allowing
has
share
automatically
users
that
to leave
enabled
requires
reestabl
the ar
only
Microsoft set to
network enabled server: if the file
Digitally server is using
sign communications user claims control
(if required
client agrees) access to files, and the file server will support client principals whose accounts may be in
This
Default:security
Enabled. setting determines whether packet signing is by the SMB server component.
Important
For
If you this policy
click Force setting,
Logoff a value
in the of 0 meansdialog
Properties to disconnect
box for an idle
this policy, sessionthe as quickly
user is as is reasonably
automatically logged possible.
off when Thesmart
the maximum card value
is removed.is 99999, which is 208 days; in
This
This setting
Microsoft
security should
networksetting be
server: set Disconnect
determines to automatic whether (default)
clients
the when
SMB soserver
that the
logon hours
willfilenegotiate
server
expire can SMB automatically
packet signing evaluatewith and whether
clients that claims
request areit.needed for the user. An administrator would
The server
Notes message block (SMB) protocol provides the basis for Microsoft file and print sharing many other networking operations, such as remote Window
For
If this
Default:This
you click
further policy to
policy
Disconnect
communication takeis effect
not defined,
if aServer
with on
Remote
an computers
SMB which
Desktop
client running
means that
Services Windows
the system
session, 2000,removal client-side
treats it as 15
ofexamine packet
the smartminutes signing
card for must
servers
disconnects also
and be
undefined
the enabled. for
session without To enable
workstations.
logging client-side
the user SMB
off. Thispacket allowssigning,
the use se
Microsoft
When
This security
Computers
The server
network
enabled that
message this
setting
have
server:
security
determines
this policy
block setting
(SMB)
SPN
set will
whetherwillcause
protocol nottoisprovides
target
be
permitted.
name
the
disconnect
able
validation
Windows
tothe users
communicate
basis
level
filewho server
for are to
with
Microsoft connected
computers
file and the
to theaccess
that
print local
do not
sharing token andofmany
computer
have an authenticated
outside
server-side othertheir user
packet
networking network
account's
signing client principal
valid
enabled.
operations, logon
By default,
such as and
hours. determine
remote This if c
setting
server-side
Window
All
accessWindows
antoken
Server-side operating
for
packet the systems
client
signing principal.
can support
it.be both
A claims-enabled
enabled on acomputers
client-side token SMB
runningmay component
be neededand
Windows a and
to access
2000 server-side
filesby orSMB folderscomponent.
which have Toclaim-based
take server:
advantage access of SMB signpacket
control policy signing,
applied. both(if t
when
Network
Note:
If
Thethisserver
server-side
SMB
access:
Remote
setting message
SMB
client
Allow
isDesktop
enabled, requests
block
components
anonymous
Services
the(SMB) Microsoftwas SID/name
called
protocolnetwork translation
Terminal
server
provides theServices
will not
basis inpolicy
previous
communicate
for file and versions
with
printer of later
a Microsoft
sharing Windows
and
setting
network
many Server. Microsoft
client
other unless
networking
network
that client
operations, agrees Digitally
suchtoexpire.
perform
as
communications
remoteSMB Windows packetadminsigni
When
Server-sidethis policypacket is enabled,
signing can it is becontrolled
causes enabledclient by
on the
sessions following
computers with four
the
running SMB Windows settings:
Service to be
NT 4.0forcibly
Service disconnected
Pack 3 and when later by thesetting
client's thelogon hours
following registry value to 1:
setting
Microsoft will affect
network both
client: SMB1 Digitally and SMB2.
sign communications (always) -toControls awhether or notasthe client-side SMB component
If this
Network
This setting
access:
This
is
is
policy
disabled,
Do
enabled,
setting not
notthe
isdetermines
the Microsoft
allow
defined,
Windows
anonymous
if an
which
file server
network enumeration
HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
If thissecurity
setting meansserver
anonymous will
user
that
not
will
thecanofattempt
SAM
negotiate
systemrequest obtain
accounts
SMB
security packet claim-enabled
signing
identifier access
requested
(SID) attributes token
for for
thethe
byanother client
client. That
user. is,requires
principal. if packetpacket signing signing.
has been enabled o
Default:
Microsoft
If this policy network
is disabled,client: Digitally
an established sign communications
client session is(ifallowed server treats agrees)
to
it as
be maintained
No
- Controls action. whether
after the client'sor not logon
the client-side
hours have SMB component has packet signing enabled.
expired.
This
Network security
Microsoft access:
networksetting Do determines
not
server: allow
Digitally the
anonymous
signlevel of validation
enumeration
communications a SMB
of SAM
(always) server
accounts performs
- Controls and on
shares
whether the service principal name (SPN) provided by the SMB client when trying to es
Default:
This
Server-side
Default:
If
On this
Windows
Automatic.
security
Enabled
policy issetting
packet
Vista on
enabled, determines
signing
domain
and a user
above: cannot what
controllers
with be
For signthis
additional
enabled
only. to
knowledge
setting ofpermissions
on computers
an
work, administrator's
the
will be
running granted
Windows
SID could forcontactor or
anonymous
95 not the
Windows
aservice
computer
server-side
connections
98. that has to SMB
this
component requires packet signing.
the computer.
policy enabled and use the SID to get the adminis
Disabled
Microsoft
Default on for member
network
Windows server:servers.
Vista: Digitally
Enabled. communications (if Smart Card
client agrees) Removal
- Controls Policy whether must
or not the beserver-side
started. SMB component has packet signing enabled.
Network
Enabled
The
This optionsaccess:
for
security domain
are:
setting Docontrollers.
not allow storage
determines whether of credentials
anonymous or .NET Passports for accounts
network authentication
If server-side
Default
Windows on WindowsSMB signing
XP:and is users
Disabled required, a client will notenumeration
be able tosuch of as
establishSAM a session and the shares
with that server is
of allowed.
unlessaccounts it has client-side SMB shares.signing This enabled. By default,for cl
Notes
Important
Default onallows
workstationsanonymous member to servers:
perform certain
Disabled. activities, enumerating names domain and network is convenient,
Similarly,
Network if client-side
access: Let SMB
Everyone signing is
permissions required, apply thatto client
anonymous will not be
users able to establish a session with servers that do not have packet signing enabled. By default
Default
Notes
No on
Thisvalidation
security domain
setting
-SMB controllers:
validationdeterminesofadditional
the Enabled.
whether
SPN towill Stored
not User activities,
becertain
performed Names by and Passwords saves passwords, credentials, or .NET and Passports forshares.
later use when it gains doma
Windows
If
Allserver-side
This
For security
Windows
Windows
allows anonymous
2000 signing
option
operating allows
serverssystems isto users
enabled,
support
negotiate
perform
SMBbothpacket
restrictions
signing to signing
with be
a client-side placed
Windows SMBwillthe
onbe
NT
SMB
such
anonymous
component
4.0
asserver.
negotiated enumerating
clients, and with
connections
thea following
the names
clients
server-side that
as have of
follows:
SMB
registry
domain
client-side
component.
value
accounts
must SMB be Tosetsigning
take
network
1 onenabled.
to advantage the server of SMB
This
runningpacket
is convenient,
signing,2000:
Windows
for
both tH
Network
Using
This
signing SMB access:
security packet
for client setting Named
and signing
determinespipes
server-side can that
degrade
what
SMB can be
additionalaccessed
performance anonymously
up
permissions to 15 are percent
granted on file
for service
anonymous transactions.
connections to the computer.
If
Allit Windows
is enabled,
Validate
Default: ifDoprovided
Disabled. this
operating setting systems
by enumeration
client prevents
- the support
SMB thecomponents
Stored
bothaccounts.
server User
awill isNames
client-side controlled
validate SMB
theand SPN
by the following
Passwords
component
provided from
andby athe
four
storingpolicy settings:
SMB passwords
server-side client SMB and credentials.
andcomponent.
allow a session Tothe
take beadvantage
tosecurityestablished of SMB packet
if it matches signing,
the SMBboth serve t
Enabled:
Microsoft
Notes
Network not allow
network
access: client:
Remotely Digitally
accessible sign of communications
SAM
registry paths This
(always)option replaces
- Controls Everyone
whether orwith
not Authenticated
the client-side Users SMB componentin requirespermissions for
packet signing. resources.
server-side
This security
Disabled: SMBsetting
Noconfiguring components
additional determines
restrictions. is controlled
which by
communicationthe followingsessions four policy
(pipes) settings:
will have attributes and permissions that allow anonymous access.
Windows
Microsoft allows
network anonymous
client: Digitally userssign toRely on default
perform
communicationscertain permissions.
activities,
(if server such as enumerating the Windows.
names of the
domain accounts and network shares. This signing
is convenient, for
Note:
Microsoft
Require When network
match from client:
client this security
Digitally
- the SMB signsetting, changes
communications
client MUST sendwill not
(always)
a SPN take -agrees)
name effect
Controls - Controls
until you
whether whether
restart
or not
andIfthe
orclient-side
not client-side
SMB SMB
component component
requires has
packet packetsigning. enabled.
Therefore,
Network
Microsoft
All
ForWindows
This more
security permissions
access:
network
operating
information
setting Remotely
server: granted
systems
about
determines accessible
Digitally
Stored to the
sign
support
whichUser Everyone
registry
both
Names
registry group
a paths
communicationsclient-side
and
keys anddo
Passwords,
can be not
subpaths
(always)
SMB apply
accessedcomponent
see toin
- Controls
session
anonymous
Stored
over whether
and
the User
setup,users.
or not
a server-side
Names
network,
the
and this
the
regardlessSMB
SPN
option name
server-side is set,
component.
Passwords.
of the
provided
SMB
users anonymous
To
or
MUSTusers
component
takecomponent
groups
match
advantage
listed can
requires
the
in the
SMB
ofonly
packet
SMB
access
serverthose
access signing.
packet
control
that is
signing,
list
being re
resources
bothot
(ACL)
Microsoft
Default:
Default network
None.
onnetwork
workstations: client: Digitally
Enabled. sign communications (if server agrees) - Controls whether or not the client-side SMB has packet signing enabled.
Microsoft
server-side
Microsoft SMB
network server:
components Digitally
server: anonymous
Digitally sign
is controlled
signaccesscommunications
by the following
communications (if client
four policy
(always) agrees)
- Shares
Controls - Controls
settings: whetherwhether or not the or server-side
not the server-side SMB component SMB component requireshas packetpacket signing enabled.
signing.
Default:
Network
Default
If this No
on
policy validation
access: Restrict
server:Disabled.
issetting
enabled, the Everyone SID towill
is added Named toand
the Pipes
tokento andthat is created for anonymous connections. In this ofcase, anonymous users are in able
This security
server-side
Microsoft
Default: network
Disabled. SMB determines
signing
client: is
Digitally which
required,
sign registry
a client
communications paths not be subpaths
able
(always) - can
establish
Controls be aaccessed
session
whether or over
with
not the server,
that network,
client-side regardless
unless SMB it has the users
client-side
component requires or groups
SMB signing
packet listed
enabled.
signing. thetoBy access
access con
default, anc
Microsoft network server: Digitally sign communications (if client agrees) - Controls whether or not the server-side SMB component has packet signing enabled.
default,
Microsoft
Network
If server-side
server-side network
access: SMB SMB
client:
Shares
signing signing
Digitally
thatis is
sign
cansupport enabled
berestricts
required, accessed
a clientonly
communications on domain
anonymously
will not be(if able controllers.
server to agrees)
establish - Controls
a session whether
with that or not
server the client-side
unless it has SMB component
client-side SMB has
signing packetenabled. signing By enabled.
default, cl
All
When Windows
Important enabled,
Disabled.operating
this systems
security setting both a client-side
anonymous SMB
access component
to shares andand a
pipes server-side
to the SMB
settings component.
for: This setting affects the server SMB behavior, and
Default:
If server-side SMBserver:signing issigning
enabled, SMB packet
Microsoft network
System\\CurrentControlSet\\Control\\ProductOptions
Similarly,
for if client-side
SMB servers". SMB Digitally sign communications
is required, that signing
client(always)willnot
will be-be negotiated
Controls
able to whether with clients
establish ora not that
session thehave withclient-side
server-side
servers SMB SMB
that dosigning
component
not have enabled.
requires packet signing.
packet signing enabled. By default
Using
Network
Microsoft SMB access:
packet
network Sharing
signing
server:
System\\CurrentControlSet\\Control\\Server
This
If security
server-side setting
SMB determines
signing and
can
Digitally
is security
impose signmodel
which
enabled, up topacket
network
SMB afor15
communications local
percent
Applications
shares accounts
can
signing (ifperformance
client
accessed
will be agrees) by
negotiated hit- on
anonymous file service
Controls
with whether
users.
clients transactions.
that orhave
not the server-side
client-side SMB SMB
signing component
enabled. has packet signing enabled.
Network
This policy access:
has noNamed
impact pipes
on
System\\CurrentControlSet\\Control\\Print\\Printers that can
domain be accessed anonymously
controllers.
If server-side SMB signing
Software\\Microsoft\\Windows
Using SMB packet signing can is required, aperformance
NT\\CurrentVersion
degrade client will notup beto able15 to establish
percent on file a session
service with that server unless it has client-side SMB signing enabled. By default, cl
transactions.
Network access:
security: Shares
Dodetermines
not that
store canLAN beManager
accessed hashanonymously
System\\CurrentControlSet\\Services\\Eventlog
This security
Similarly,
Default: setting
if client-side
None specified. SMB signing how isnetwork
required, thatvalue
logons that on
client willnext
use local
not passwordable to change
beaccounts are authenticated.
establish a session Ifwith thisservers
setting that is set dotonotClassic,
have packet networksigning logonsenabled. that useBy local acco
default
Default: Enabled.
Software\\Microsoft\\OLAP Server
If server-side
Caution
Network
Important security: SMBForce signing is
logoff enabled,
when SMBhours
logon packet signing will be negotiated with clients that have client-side SMB signing enabled.
expire
This security setting
If this setting
Using SMB packet is set to determines
Guestcan
signing only, if, at the next
NT\\CurrentVersion\\Print
network
impose up logons password
to a 15 that percent change,
use performance
local accountsthe LAN Manager
hitareon automatically (LM) hash
file service transactions. value for the new password is
mapped to the Guest account. By using the Guest model, you can hastored. The LM hash is relatively we
Network
Incorrectly security:
editing LAN Manager
thedetermines
registry NT\\CurrentVersion\\Windows
authentication level
This
For security
this policy setting
to take effect onmay severely
whether
computers damage
torunning
disconnect your
Windows users system.who are
2000, Before making
connected
server-side changes
to
packet localtocomputer
thesigning the
must registry,
alsooutsidebeyou should
their user
enabled. Toback up any
account's
enable valued
valid logon
server-side data
SMB onpacket
the This
hours. computer.
setting
signing,
System\\CurrentControlSet\\Control\\ContentIndex
Default
Note: This onnetwork
domain
securityserver:computers:
setting is not Classic.
available on earlier versions of Windows.
Microsoft
Default
Network on Windows
security: LDAP Vista: Digitally
Enabled
client signing signrequirements
communications (if server agrees) The security setting that appears on computers running Windows XP, "Network acces
System\\CurrentControlSet\\Control\\Terminal
Default
This
Remotely
When onaccessible
security
this stand-alone
setting computers:
determines
registry itpaths whichGuest
and only
subpaths. Server with the
challenge/response authentication
SMB serverprotocol is used for network when logons. theThis choice affects theexpire.
level of authentication proto
Default on policy
Windows is enabled,
XP:
System\\CurrentControlSet\\Control\\Terminal Disabled. causes client sessions
Server\\UserConfig
to be forcibly disconnected client's logon hours
Default:
For
NetworkWindows security: 2000 servers
Minimum to negotiate
session signing
security for with
NTLM Windows
SSP based NT 4.0 clients,
(including the
secure following
RPC) registry
clients value must be set to 1 on the Windows 2000 server:
This security setting determines
System\\CurrentControlSet\\Control\\Terminal
Important
Send the level of data signing that is requested
Server\\DefaultUserConfiguration onneverbehalfuse of clients issuing LDAP BIND domainrequests, as follows:
If this LMpolicy& NTLMis disabled,responses: an establishedClients use LM
client
HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\enableW9xsecuritysignature
Important
and
session NTLM authentication
is allowed and
to be maintained after NTLMv2
the client's session
logon hours security; have expired. controllers accept LM, NTLM, and NTL
Sendsecurity
LMsecurity:
& NTLM - use NTLMv2 NT\\CurrentVersion\\Perflib
session security if negotiated: Clients use LM and NTLM authentication
Network
None: The LDAP
Minimum
System\CurrentControlSet\Control\ProductOptions
This setting BIND allowsrequest asession
client
is tosecurity
issued require
with
for
the
the
NTLM SSP based
negotiation
options that ofare (including
128-bit
specified encryption secure
the and/or
bynetwork
RPC)NTLMv2
caller.
servers sessionand use NTLMv2
security. These values sessionare security
dependent if the on server
the LANsupport
Ma
System\\CurrentControlSet\\Services\\SysmonLog
With
Send the
NTLM Guest only
response model,
only: any
Clients user who can access yourwith computer andover the (including anonymous Internet users)it;can access your shared resources.
System\CurrentControlSet\Control\Server
Default:
Computers
Windows
Negotiate Enabled.
2000that
signing: have
Service
If thisPack
Transport policy 2 set use
(SP2)
Layer will
and
NTLM
not above
Security/Secure
authentication
Applications
communicate
offer compatibility
Sockets
only
computers
Layer with
usethat NTLMv2dohas
authentication
(TLS\SSL) notsession
have
notto previous
been
security
client-side
started,
ifpacket
versions
the server
the of
LDAP signing supports
Windows,
BIND enabled.
such
request
domain
Client-side
asis
controllers
Microsoft
initiated packet
Windows
with the
accept
signing
LDAP NT
LM,
can
4.0.
data
NTL
be
sig e
System\\CurrentControlSet\\Services\\CertSvc
anyone
Send
This to
NTLMv2
security accesssetting shared
response allows system
only: resources.
Clients
a NT\CurrentVersion
server touse NTLMv2
require authentication
the negotiation onlyprotocol
of 128-bit and useisNTLMv2
encryption session security if the serverThesesupports it; domain controllers on accept
the LANLM,
Software\Microsoft\Windows
Require
This setting
Require NTLMv2 canresponse
signature: session
affect
Thisthe security:
ability
isonly\\refuse
the same of The as connection
computers
Negotiate running will
signing. failHowever,
Windows if NTLMv2 2000 Server,
if the LDAP notand/or
Windows
server's negotiated.
2000
NTLMv2 session
Professional,
intermediate
security.
Windows
saslBindInProgress XP, and
values
response
are dependent
the supports
Windows
does not Server
indicate 2003 thatfamily
LDAPto
M
System\\CurrentControlSet\\Services\\Wins
Send
Note: ThisNTLMv2 security setting behaves LM: Clients
as an account use NTLMv2 authentication only and use NTLMv2 session security if the server it; domain controllers
Require 128-bit encryption: The connection will failpolicy.
if strong Forencryption
domain accounts, (128-bit) there is not can be only one account policy. The account policy must be defined in the
negotiated.
Note:
Send
Require
policy NTLMv2
NTLMv2
applied toresponse
session
the only\\refuse
security: The
organizational unitLMthat & NTLM:
connection
contains Clients
willthefail use NTLMv2
if message
domain authentication
integrity
controller. only
is not negotiated.
By default, and use NTLMv2
workstations and servers session
that aresecurity
joinedif to thea server
domainsupports (for example, it; domainmemb co
Caution
Caution 128-bit
Require encryption. The connection will fail ifare strong encryption (128-bit)computers.
is not negotiated.
contains
Default: No therequirements.
member computers. Kerberos settings not applied to member
This setting does not affect interactive logons that are performed remotely by using such services as Telnet or Remote Desktop Services. Remote Desktop Serv
Important
If you setNo
Incorrectly
Default: the server
editing
requirements.thetoregistry
Requiremay signature,
severely you must also
damage yourset the client.
system. Before Notmakingsetting changes
the clienttoresults in a loss
the registry, you of should
connection backwith up any the valued
server.data on the computer.
policy will
This setting canhave affect nothe impactabilityonofcomputerscomputersrunning runningWindowsWindows2000. 2000 Server, Windows 2000 Professional, Windows XP Professional, and the Windows Server
Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers
Network security:
This policy settingRestrict NTLM:
allows you Incoming
to deny NTLM
or audit trafficNTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote ser
outgoing
Network
This security: Restrict NTLM: AuditorIncoming NTLM NTLM Traffic traffic.
If youpolicy selectsetting
"Allowallows all" or you do not to denyconfigure allowthis incoming
policy setting, the client computer can authenticate identities to a remote server by using NTLM authentication.
Network
This policy security:
setting Restrict
allows NTLM:
you to auditNTLM authentication
incoming NTLM in
traffic. this domain
If
If youyou select
select "Allow
"Audit all," all" orthedoclient not configure
computerthis logspolicy an event setting, for each the server NTLMwill allow all NTLM
authentication request authentication
to a remote requests.
server. This allows you to identify those servers rece
Network
This policy security:
setting Restrict
allows NTLM:
you to deny AuditorNTLM allow authentication
NTLM authentication in this domain within anotdomain from this domain controller. This policy does not affect interactive logon to th
If
If you
you select "Disable", or do not configure this policy setting, the server will log events for incoming NTLM traffic.
If you select
Network select "Deny
"DenyRestrict
security:
all
all,"domain
theNTLM:client accounts,"
computer
Add remote
thecannotserverauthenticate
server
will deny NTLM
exceptions identities
for
authentication
NTLM toauthentication
a remote requests
server for domain
by using NTLM logonauthentication.
and display anYou NTLM canblocked
use the error,
"Network but allow
security:locaR
This
If you policy
select setting
"Disabled" allows or you
do to audit
not configure NTLMthis authentication
policy setting, in thea domaindomain from this domain
controller will controller.
allow all NTLM pass-through authentication requests within the domain.
If
If you select
youpolicy
select "Enable
"Deny allauditing
accounts," for domain
the server accounts",
will deny the NTLM server will log events
authentication for NTLM
requests from pass-through
incoming traffic authentication
and displayrequests an NTLM that woulderror.
blocked be blocked when the "N
This
Network
This policy is
security: supported
setting Restrict
allows on youat to
NTLM: least Add
create Windowsserver
an this 7exceptions
exception or Windows list of Server
inremote
this domain 2008 R2.
servers to whichwill clients areevents
allowed toNTLM
use NTLM authentication ifdomain.
the "Network Security: Res
If
If you
you select
select "Disable"
"Deny or
forauditingdo
domainfor not configure
accounts to domain policy setting,
servers" the
the domain controller not log for authentication in this
If
This youpolicy
select is "Enable
supported on at areleast all Windows
accounts", the
7this
or Windowsserver will logdomain
Server events
2008
controller
for all NTLM will authentication
deny all NTLMrequests authentication that would logonbe attempts
blockedtowhen all servers in the domain
the "Network Security: th
Network
Note:
This
If youyoupolicy
security:
Audit
configure and
setting this
Allow
blockallows
policy
LocalSystem
events you to
setting, recorded
create
you can
NULL on session
an exception
define
fallback
acomputer
listofofremote
list in theservers
servers in thisR2.
"NTLMBlock" domain
to which Log located
toclients
which under
clients
are are
allowed theallowed
to Applications
use NTLM and
to useauthentication.
NTLM Services
pass-throughLog/Microsoft/Windows/Securi
authentication if the "Ne
If
If select
youpolicy
select "Enable
"Deny for domain
for domain accounts
account" to domain servers," the domain controller will log events for NTLM authentication logon attempts for domain accounts
This
Network
Note: isevents
security:
Block supported
Allow
are on
Local
recordedat least
System on Windows
this totheuse domain
computer 7 or
computer controller
Windows identity will
Server fordeny 2008
NTLM allR2.NTLM authentication logon attempts from domain accounts and return an NTLM block
Allow
If
If you
you
NTLM
configure
do not
to fall
thisback
configure policy to setting,
this
NULL
policy
session
you
setting, can when
no define used
exceptions ainlist the
with "NTLMBlock"
ofwillLocalSystem.
servers
be in this
applied.
Log domainlocated to under
which the clientsApplications
are allowed andtoServices
use NTLM Log/Microsoft/Windows/Security-NTLM.
authentication.
If
If you
you
Network select
select "Enable
"Deny
security: for
Allow for domain
domain
PKU2U accounts,"
servers"
authentication the the
domain domain
requests controllercontroller
to this will will
deny
computer log NTLM events
to use for NTLM
authentication
online authentication
identities. requests to logon
all serversattempts in the that
domain use domain
and return accounts
an NTLM when NTLMea
blocked
Note:
This default
The Audit events
policy setting
isconfigure
TRUE are
allows recorded
toLocal
upthis Windows on
System this
Vista computer
services
and FALSE in
that use the "NTLMBlock"
inwill Log located under the
Negotiate7.to use the computer identity when reverting to NTLM authentication.
Windows Applications and Services Log/Microsoft/Windows/Security-NTLM.
If
The you do
naming not format forforservers policy setting,
onservers"
this exception no exceptionslist iscontroller
theKerberos be applied.
fully qualified domain name (FQDN) or NetBIOS server name used in bythe thedomain
application, listed one per li
If
If
This you
Network
you select
select "Enable
security:
"Deny Configure
all," domain
the encryption
offdomain controller the
types domain
allowed
will deny for
allmachines.
NTLM will log
pass-through events for NTLM
authentication authentication
requests requests
from its toable
serversall servers
and for its accounts
to theand when returnNTLM an authent
NTLM
machb
If youpolicy
wildcard will
character.
enable thisbepolicy
turned setting, by default
services on domain
running as joined
Local System thatThis use would disallow
Negotiate willthe use online identities
the computer to be
identity. Thisto authenticate
might cause some domain
authentication joined reque
The
Recovery naming format
console: for
Allow servers
automatic on this exception
administrative list is
logon the fully qualified domain name (FQDN) or NetBIOS server name used by the calling application listed one
If youpolicy
This
This selectsetting
"Enable all" on
allows the
youatdomain
to setWindowscontroller
the encryption will log types eventsthat for NTLM is
Kerberos pass-through
allowed to use. authentication requests from its servers and for its accounts which would b
If youpolicy do notisconfigure
supported this policy least setting, services Server 2008
running R2.
as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymo
Recovery
This console: Allow floppy copy and access to all drives and all folders
This
If
Note: notsecurity
policy
Blockis
selected, setting
supported determines
the encryption on at least type if the
onwill
password
Windows
thisnot beServer for the
allowed. in 2008
Administrator
This R2. setting may account
affect must be givenwith
compatibility before
clientaccess
computers to theor system
services is granted. If this option
and applications. is enabled,
Multiple selections the
This
Shutdown: policy isevents
Allowsupported are recorded
system onto atbe least
shut Windowsdown
computer
without 7 or having
Windows the "NTLMBlock"
to SETServer
log on 2008 Log R2. located under the Applications and Services Log/Microsoft/Windows/Security-NTLM.
Enabling
Default: this
This security
policy option
is not makes the Recovery Console command available, which allows you to set the following Recovery Console environment variab
Note:policy
This Audit events
is supported are ondefined
recorded at least on and thisautomatic
Windows computer 7 oradministrative
in the "NTLMBlock"
Windows Server logon 2008 isLognot
R2. allowed.
located under the Applications and Services Log/Microsoft/Windows/Security-NTLM.
Shutdown:
This security Clear
setting virtual memory whether
determines pagefile a computer can be shut down without having to log on to Windows.
AllowWildCards: Enable wildcard support for some commands (such as the DEL command).
AllowAllPaths:
System
This cryptography:
security Allow determines
setting access
Use FIPS to allwhether
140filescompliant
and thefolders on
cryptographic
virtual memorythe computer. algorithms,
pagefile including encryption, hashing and signing algorithms
When this policy
AllowRemovableMedia: is enabled, Allowthe filesShut to be Down copied command to removable is available media, onis the
such
cleared
Windows when
as a floppy logonthe system
disk. screen. is shut down.
System
NoCopyPrompt: Cryptography: Do notForce
prompt strong
when key protection
overwriting for user keys stored disables on the computer
For
Virtual
When
thememory
Schannel
this policy
Security
support uses
is encryption,
disabled,
Service
a system
the
Provider
option pagefile
to shut
(SSP), toan
down swap existing
this security
pages
thecryptography
computer
file.
ofsetting
memory
does not diskthe
toappear when weaker
on
Secure
are not Sockets
theyWindows
the used.
logon On
Layer
screen.a running(SSL)system,
In this
protocols
case, thisand supportsopened
pagefile
must beisable
only theexclusive
Transp
3DES
that sensitive
System and AES
objects: for
information
Default from process
owner RSA
for or
objects ECC
memory public
created that key
bymight members goainto for the
pagefile
of the Administrators TLS key
isused. exchange
group toand
not available an authentication,
unauthorized user and only
who the users
managesSecure to Hashing
directly access
to log on(SHA
Algorithm the page
to th
This
Default: security
This setting
policy determines
is not defined if users'
and the private
recover keys console require SET password
command to
is be
not available.
Description
Default on workstations: Enabled.
For
System
When Encrypting
objects:
this File
RequireSystem case Serviceinsensitivity(EFS), it supports
for non-Windows the(SID)Triple
to subsystems Data Encryption theStandard (DES) andenable
Advanced Encryption Standard a (AES) encryption algorithm
This
Default
The
XP for on policy
security
options setting
servers:
encryptingare: is enabled,
file
determines
Disabled. it causeswhich the system
security pagefile
principal
data. For information about EFS, see Encrypting File System.
bewill cleared
be assigned upon clean shutdown.
OWNER If you
of objects when this security
the object is option,
created the
by hibernation
member offilethe(hiberfil.sys)
Administra
Default:
System objects: Strengthen default permissions of internal is system objects (e.g., Symbolic The Links)
This
Default:
Windows security
Disabled.
XP: setting
User determines
SID whether case insensitivity enforced for all subsystems. Win32 subsystem is case insensitive. However, the kernel suppor
User
For input
Remote isDesktop
not required Services,when itnew supportskeys are only stored
the and used
Triple DES encryption algorithm for encrypting Remote Desktop Services network communication.
Windows
System
User
This 2003
settings:
issetting
prompted : Administrators
Optional
when the subsystems Group
keyinsensitivity
isthefirst usedis enforced
If thissecurity setting
is enabled, determines
case strength of the default for alldiscretionary
directory objects, accesssymbolic control list links, (DACL)
and IO forobjects,
objects.including file objects. Disabling this setting does no
User
System must
Note:security Remote enter
settings: aUse
Desktop password Services
Certificate eachRuleswas time they
called
on use a key
Terminal
Windows Services
Executables in forprevious Software versions
Restrictionof Windows Policies Server.
This
For
Active more setting
information,
Directory maintainsdetermines
see Public
a global which
key subsystems
listinfrastructure. can optionally be
of shared system resources, such as DOS device names, mutexes, and started up to support your applications. With this securityInsetting,
semaphores. this way, youobjects
can specify
can beaslocatedmany
Default: Enabled.
User
For
This Accountsetting
BitLocker,
security Control:
this policy Adminneeds
determines Approval
to be enabled
if digital Mode for
certificatesbefore the are Built-in
anyprocessed Administrator
encryption key is
when aaccount
generated.
user or process Please note that
attempts to runwhen this policy
software withisanenabled,
.exe fileBitLocker
name extension.will prevent Thisthe securcre
Default:
Default:
If this POSIX.
This
policy ispolicy
enabled, is not the defined.
default DACL is stronger, allowing
on
User theAccount
digital certificate
Control: that
Behavior is associated
of the with
elevation the software.
prompt for In users
order for
administrators
whocertificate
are not administrators
in Admin rules
Approval to take Mode
to read
effect, you shared
must objects
enable but this not allowing
security these users to modify sh
setting.
This
Default: security
Disabled. setting determines the behavior of Admin Approval mode for the Built-in Administrator account.
Default:
When
User Enabled.
certificate
Account rulesdetermines
Control: are enabled,
Behavior of software restriction policies will check a certificate revocation list (CRL) to make sure the software's certificate and signature
This options
The securityare: setting thethe elevation
behavior of theprompt elevation for standard prompt users
for administrators
Note:security
This The Federal setting Information
determinesProcessing the behavior Standard
of the elevation (FIPS) 140 is a security
prompt for standard implementation
users designed for certifying cryptographic software. FIPS 140 validated s
User
Default: Account
Disabled. Control: Detect application installations and prompt for elevation
The
ò options
Enabled: The are: Built-in Administrator will logon in Admin Approval Mode. By default any operation that requires elevation of privilege will prompt the Consent Ad
The
Useroptions Account are:Control: Only elevate
This security setting determines the executables
behavior of application that are signed and validated
installation detection for the entire system.
ò Disabled:
ò Prompt forThe consent:
Built-in AnAdministrator
operation that willrequires
logon inelevation
XP compatibleof privilege mode will
and prompt
run allthe Consent Admin
applications to select with either Permit or Deny. If the Consent Admin sele
ò
User
This PromptAccount for
securityare: credentials:
Control: Only An operation
elevate that
UIAccess requires
applications
setting will enforce PKI signature checks on any interactive application elevation that of privilege
are installed willin prompt
secure the
that user
locations
requests to by default
enter an administrative
elevation
full administrative
of privilege. user Enterprisename privilege.
and password. can
administrators If the user ent
control the
The options
ò Prompt
Default:
User for
Disabled
Account credentials:
Control: Run An alloperation
users, that
including requires elevation
administrators, of
as privilege
standard will prompt
users. the Consent Admin to enter their user name and password. If the user ente
ò Automatically
This
The securityare:
options denywill
setting elevation
enforcerequests: the requirement This option thatresults applications in an access that request denied error message
execution being returned
with a UIAccess integrity to thelevel standard
(via a markinguser when they try to perform
of UIAccess=true an
in their
ò Enabled: Application installation packages that require an elevation of privilege to install will be heuristically detected and trigger the configured elevation prom
ò Elevate
User
This Account
security withoutsetting prompting:
Control: SwitchThis
determines to thetheoption secure
behavior allowsdesktop
of the
all Consent
UAC when Admin
prompting
policies for to for
the perform
elevation
entire an operation that requires elevation without consent or credentials. Note: this sce
system.
-Default:
ò à\Program
Enabled: Prompt Files\,
Enforces for including
credentials (home) /chain
PKI subdirectories
therunning certificate Automatically
validation deny a elevation
ofthat given executable requestsbefore (enterprise)it is permitted to run. like Group Policy Software Install (GPSI) or SMS will d
-ò
UserDisabled:
Default:
This Prompt
security
Enterprises
à\Windows\system32\
Account Control:
for
setting Virtualizesstandard
consent
determines file andthe
whether
users
registry desktops
elevation writerequest failures leverage
to per-user
will prompt
delegated
onlocations
the
installation technologies
interactive users desktop or the Secure Desktop.
The options
-ò à\Program are:
Files not (x86)\, including subdirectories
Disabled:
Default:
User Enabled
Account Does (home)
Control: enforce
Allow PKI certificate
/ Disabled
UIAccess (enterprise) chainfor
applications
64 bit versions
validationpromptbefore
to application for elevation aofgiven
Windows executable
without usingisthe permitted
secureinto run.
desktop.
This
The security
options setting
are: enables the redirection of legacy write failures to defined locations both the registry and file system. This feature mitigates tho
ò Enabled:
Note: Windows Admin Approval
enforces Mode and all other UAC policies are dependent on this option being enabled. Changing integrity this setting requires a systemof thereboot.
Default:
Maximum
This security Disabled
application
setting log asize
controls
PKI signature check on any interactive application that requests execution with UIAccess
whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable
level
the secure desktop
regardless
for
state of this
elevation promp
Virtualization
ò Enabled: All facilitates
elevation the running
requests by of pre-Vista
default will (legacy)
go to the applications
secure desktop that historically failed to run as Standard User. An administrator running only Windows Vist
ò
TheDisabled:
Maximumoptions Admin
are:
security Approval
log size Mode user type and all related UAC policies will be disabled. Note: the Security Center will notify that the overall security of the ope
This
If security
youoptions
enableare: setting specifies the maximum size of the application event log,
this setting, UIA programs including Windows Remote Assistance can automatically disable the secure desktop for elevation prompts. Unless you h which has a theoretical maximum of 4 GB. Practically the limit is lower (~300MB).
The
ò Disabled: All elevation requests will go to the interactive users desktop
Default:
Maximum
ò Enabled:
This Enabled
security system
An setting logspecifies
application size will only
the maximum launch with size UIAccess
of the security integrity if it resides
event log, which in ahas secure location inmaximum
a theoretical the file system. of 4 GB. Practically the limit is lower (~300MB).
Notes
If you disable or do notthe configure this setting, of theapplication
secure desktop can onlytobe disabled bylocations
the user for of the
ò Enabled:
Default:
Prevent Facilitates
Enabled
local guests group runtime
and redirection
ANONYMOUS LOGIN users writefrom failures
accessing defined
application user log bothinteractive
the file system desktop andorregistry.
by disabling the "User Account Co
This
ò securityAn
Disabled:
Notes setting
applicationspecifies will the launch maximum with size of the
UIAccess system
integrity event
even log,
ifis itnotdoes which has a in
not reside theoretical
a secure maximum
location in ofthe4 GB. Practically the limit is lower (~300MB).
file system.
Log
UIA file sizes
programs must be
are designed a multipletowrite of
interact 64 KB. If you
withprotected
Windows enter anda value that
application programs a multiple of
on behalf 64 KB, Event Viewer will round he log file size up to to a multiple of 64 KB.
ò Disabled:
Prevent
This localApplications
setting
security guests
does
setting group
notdetermines
appearthatand in the data
ANONYMOUSLocaltoComputer
if guests are prevented LOGIN locations
Policy users
from object. will simply
from
accessing accessing fail application
the as they
security did log inofprevious
event
a user. versions
log.
This setting allows UIA programs
of Windows. bypass the secure deskt
Notes
Default:
Log file Enabled
sizes must be a multiple of 64 KB. If you enter a value that is not a multiple of 64 KB, Event Viewer will round he log file size up to a multiple of 64 KB.
Event
Since Log
UIA sizeguests
programs and log mustwrapping
be able should
toLocal
respondbe defined toLOGIN
prompts to match the
regarding business security andsystem
security requirements you determined prompt,when UIA designing
programs your mustenterprise securityIn pla
Prevent
Default
This
Default:
Notes
local
:For
settingEnabled
security does
setting
the Windows
group
notdetermines
appear and
Serverin ANONYMOUS
the
if2003
guests Computer
are prevented
family, 16enter MB; Policyfor
users
from object.
Windows
from
accessing accessing
XPnot the issues,
application
Professional
suchlogevent
Service
as the log.
Pack
UAC elevation
1,Viewer
8 MB; for Windows XP Professional, 512
be highly trusted.
KB. of 64 KB.
o
Log
Event fileLog ..\Program
sizes size must
and be
logFiles\
a wrapping(and
multiple subfolders)
of 64
should KB. be If you
defined to a
matchvalue thethat is
business a multiple
and security of 64 KB, Event
requirements you will
determinedround he
when log file size
designing up to
your a multiple
enterprise security pla
Retain
This application
setting
security ..\Program
does
setting logdetermines
not Files
appear (x86)\
in the if(and Local
guests subfolders,
Computer
are prevented in Policy
64-bit versions
object. of Windows only)Service
Default:
Notes
This For
setting the
does Windows
notlog appear Serverin the 2003 Local family,
Computer 16 MB; Policyforfrom Windows
object.
accessing XP the application
Professional eventPack log. 1, 8 MB; for Windows XP Professional, 512 KB.
..\Windows\System32\
Event Log size and wrapping should be defined to match the business and security requirements you determined when designing your enterprise security pla
Retain
This security
security log
setting determines the number of16 days' worth of eventsXP toProfessional
be retained for the application
Default:
Notes
This For does
setting the Windows
notaffects
appear Serverin the 2003 Local family,
Computer MB; Policyfor Windows
object. Service Pack 1, 8 log MB;if for theWindows
retention XP method for the application
Professional, 512 KB. log is By Day
This security
The requirement
Retain system setting
log to be only
in a protected computers path can running
be disabled Windows by the 2000 "User and AccountWindowsControl: XP. Only elevate UIAccess applications that are installed in secure location
This
Set security
this value setting
onlynot if determines
you archive the
theLocalnumber
log atComputer of days' worth
scheduled intervals of eventsand you to be make retained
sure that for the the security
Maximum logapplication
if the retention log size method is large for the security
enough log is By Days.
to accommodate the in
This
This setting
security does
setting appear
affects in the
only computers running Policy
Windows object. 2000 and Windows XP.
Default:
Retention
Whilesecurity
This Enabled
this method
setting
setting for
forWindows
applies application
determinesto any XP, log
UIA
the Disabled
program,
number for
of Windows
itdays'
will be worth used 2000
of primarily
events to inbe certain
retained Windowsfor the Remote
system Assistance
log if the scenarios.
retention method The for Windows
the Remote
system log Assistance
is By Days. progr
Set
Note: this value
This settingonlydoes if younot archive
appear theinlog theatLocal scheduled Computer intervalsPolicy and object. you make sure that the Maximum security log size is large enough to accommodate the inter
This security
Default:
Retention Enabled
methodsetting for
for affects
Windows
security only XP,
log computers
Disabled running
for Windows Windows 2000 2000 and Windows XP.
IfDefault:
This
Seta user
this None.
security
requests
value setting
onlyremoteif determinesassistance
you archive the
the "wrapping"
from
log atan scheduled method
administrator for the
intervals andand application
the you remote make log.
assistance
sure thatsession the Maximum is established,
system log anysize elevation
is large prompts
enoughappear on the interactive
to accommodate the interv us
Notes
box when
Default:
Retention setting for
Enabled
method up
for the
Windowsremote
system XP,
log assistance
Disabled session.
for Windows However, 2000 selecting this check box itself requires that the interactive user respond to an elevation prompt on
This
If setting
security
you Thisdo not does
setting
archive not appear
determines
thenot in
application the
the Local
"wrapping"Computer method Policy for object.
the security log.
Note:
A user must setting
possess does the Manage appearauditing inlog,
theinLocal the Properties
Computer
and security
dialog box
logPolicy
user right object. for this policy, select the Define this policy setting check box, and then click Overwrite event
to access the security log.
Restricted
If yousecurity
Default:
This enable
None.Groups
this setting,
setting determines("User the Account "wrapping" Control: methodAllow for UIAccess
thebox system applications log. to prompt for elevation without using the secure desktop”), , requests for elevation
Default:
If
If you do
you archiveNone.
not archive
the log at forthe security
scheduled log, in the Properties
intervals, in the Properties dialog box dialog for this policy,
for this select
policy,the select Definethe this
Define policy thissetting
policy settingcheck box, check and then
box, andclick
then Overwrite
click Overwrite events e a
appropriate credentials elevation.
This
If you security
do setting
not archive allows
the an
system log, administrator in the Propertiesto define two properties
dialog box for this for security-sensitive
policy, select the groups
Define ("restricted"
this policy groups).
setting check box, andbox,thenand click Overwrite events as
If
If you archive
yousetting
must retain the logall the at scheduled
events intervals, in the Properties dialog box for this policy, select thethe Define this policy setting check then click DoOverwrite e
This does not change theinbehavior
the log, in of the
the Properties
UAC elevation dialog box
prompt forforthis policy,
administrators. select Define this policy setting check box, and then click not overwr
The
If you two
you must properties
archive the log are Members
at scheduled and Member
intervals, Of. The Members list defines who belongs and who does not belong to the restricted group. The Member Of list s
If
Note: retain all the events in the log,Localin inthethe Properties
Properties dialog
dialog box box forfor this this policy,
policy, select
select thethe Define
Define this this policy
policy setting
setting checkcheck box, box,and and
then then click
click DoOverwrite
not overwr e
If you Thisplan setting
to enable does thisnot appear
setting, you in should
the also Computer
review the Policyeffect object.
of the "User Account Control: Behavior of the elevation prompt for standard users" setting. If it
When
.If a Restricted Groups Policy is enforced, any current member of a restricted
you must retain all the events in the log, in the Properties dialog box for this policy, select the Define this policy setting check box, and then click Do not overw group that is not on the Members list is removed. Any user on the Members lis
Notes
Default: None.
System Services security settings
Registry
Allows ansecurity settings
administrator to define the startup mode (manual, automatic, or disabled) as well as the access permissions (Start, Stop, or Pause) for all system serv
File System
Allows security settings
Default:an administrator
Undefined. to define access permissions (on discretionary access control lists (DACLs)) and audit settings (on system access control lists (SACLs))
Allows an administrator to define access permissions (on discretionary access control lists (DACLs)) and audit settings (on system access control lists (SACLs))
Default:
Notes Undefined.
Default:
Note: Undefined.
This setting does not appear
This setting does not appear in the in the Local
Local Computer
Computer PolicyPolicy
object.object.
If you choose to set system service startup to Automatic, perform adequate testing to verify that the services can start without user intervention.
Note: This setting does not appear in the Local Computer Policy object.
For performance optimization, set unnecessary or unused services to Manual.
Reboot Comments
Required
No
No
No
No
No
No
No
No
No
No clients will get the new
setting after a maximum
No clients will but
of 8 hours get for
theDCsnew
setting
to assignafter a maximum
these new
No clients
of will but
8 hours get for
theDCsnew
settings
setting a Gpupdate
after a maximum
No to assign
/force
clientsis these
required
will but
get fornewor
theDCsnew
of 8 hours
settings a Gpupdate
waiting
setting
to assignfor
afterthe usual
a maximum
these new 5
No /force
clients
minutes
of is
8 hoursrequired
will get
when the or
theDCs
but for new
SCE
settings
waiting
setting a
for Gpupdate
afterthe usual
a maximum 5
No engine
to
/force isassigns
assign these
required all
newor
minutes
of 8 hours
modified
settings when
but the
for
settings.
a Gpupdate SCE
DCs
waiting
engine for the usual
new 5
No to
minutesisassigns
assign
/force these
required
when
all
theor SCE
modified
settings
waiting asettings.
Gpupdate
for the usual
No engineisassigns
/force required allor 5
minutes
modified when the SCE
waiting forsettings.
engine assignsthe usual
all 5
No minutes
modifiedwhen the SCE
settings.
No engine assigns all
modified settings.
No
No
No
No
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Note: In Windows 2000
Server, Windows 2000
No Logoff required
Professional, Windows
No XP Professional,
Note: See also the and
the Windows Server
corresponding Windows
No 2003
Logofffamily,
Server 2003 the
required
AllowTasklog
Scheduler
on locally automatically
policy
No Logoff required
grants
setting,this rightinas
earlier this
No necessary.
worksheet.
Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No Logoff required
No
No
No
No
No
Yes
Yes
No
Yes
No
No
No
No
No For the policy change to
take effect, the spooler
No service needs to be
No stopped/restarted, but
the system does not
No have to be rebooted.
Yes Restart of service might
be sufficient
No
No
No Important: In order to
take advantage of this
No policy on member
No workstations and
servers, all domain
No controllers that
constitute the member’s
No Important:
domain must This
besetting
running
applies
Windows to NT
Windows
4.0
No 2000 computers,
Service Pack 6 orbut it
No is not available through
higher.
the Security
In order to take
Configuration Manager
advantage of this policy
tools on these
on doma
No computers.
No
No
No
No
No
No
No Important: This setting
applies to Windows
No Important: This setting
2000 computers, but it
will apply
is not to anythrough
available
No Only LogOff
computers is required
running
the Security
for W2K, XP and W2K3
Windows
Configuration2000 through
Yes Important:
computers.
changes
ForInManager
in the
this
Vista,
registry,
tools
policy on
to these
take
start/restart effect on
the setting
Yes but the security
computers.
computers running
scpolicysvc
is not viewable will work or
Yes Windows
LogOff 2000,through
client-
the Security
side packet signing
Yes Configuration Manager
must also be enabled.
tool more
For set. information,
No search for "Security
Yes Settings
Important:Descriptions"
For this in
the Windows
policy to take Server
effect on
No 2003 Help. running
computers
No Windows 2000, server-
side packet signing
No must also be enabled.
For more information,
No search for "Security
No Settings
Important:Descriptions"
This policy in
the
has Windows
no impactServer
on
No 2003
domainHelp.
controllers. For
No more information,
search for "Security
No Settings Descriptions" in
the Windows Server
Yes 2003 Help.
No Important: The
Network access:
No Important: On
Remotely accessible
Windows
registry pathsXP, this security
Yes security setting was on
setting that appears
Yes called
computers"Networkrunningaccess:
Remotely
Windows XP accessible
No registry
Important:
correspondspaths."This Ifsetting
to theyou
configure
only affects
Network this setting on
computers
access:
No Important:
a member
running ofWindows
Windows the XP
Remotely
2000 Service accessible
Pack 2
No Windows
Professional
registry Server
paths which
and2003
are
(SP2)
family
not and
that
joined above
is
to joined
a offer
domain.to a
subpaths
compatibility security
with
No domain,
This
Important:
policy thiswill
policy
setting setting
This
onhave isno
setting
authentication
inherited
impact
can onby
affect to
computers
computers
the ability of
members
previous of the
versions Wiof
Yes running Windows
computers running2000.
Windows,
For more 2000
Windows such as
information,
Server,
No Warning:
Microsoft This setting
Windows NT
search
Windows
will applyforto"Security
2000 any
No 4.0.
Setting Descriptions"
Professional,
Warning: This settingin
Windows
computers
This setting running
can affect
the
XP
will Win
Professional,
apply
Windows to
2000 and
anythrough
the
the ability
Windows
computers ofrunning
computers
Server
changes
running in the
Windows registry
2000
2003
Windows
but thefamily2000
securityto through
setting
Server,
communicate
changes Windows
thewith
inviewable 2000
registry
will
Pr not be
computers
but therunning
the security
through setting
Security
Windows
will not beNT
Configuration 4.0
viewable and
Manager
earlier
tool set.over
through Forthe
the netwo
Security
more
No
No
No
No
No
No
No
No
No
No
No
No Require restart of
recoveryrestart
Require consoleof
No
recovery console
No Requires logoff
Yes Vista does NOT require
reboot
No
Yes Requires reboot with
CNG on Vista; Does not
No This policy
require does
reboot not
with
exist
CAPIon onVista
Vista; Does not
Yes
require reboot on XP,
Yes 2003 with CAPI
Yes
No
No
No
No
No
No
No
Yes
No
No
No
No Note: This setting does
not appear in the Local
No Note:
ComputerThisPolicy
settingobject.
does
No Note:
ComputerThisPolicy
settingobject.
does
not appear in
Important: the Local
Modifying
No Notes:
Computer This setting
Policy object.
this setting
does may affect
not appear in the
No compatibility
Notes: This with
setting
Local Computer Policy
clients,
does
object.notservices,
appear in andthe
No Note: This setting
applications.
Local Computer For does
Policy
This
not security setting
appear ininformation
the Local
No compatibility
object.
affects
Notes: only
This computers
setting
Computer
about
This this Policy
setting,
security object.
see
setting
running
does notWindows
appear in2000,the
No the "Event
affects
Notes:
Windows
Local only
ThisLog:
computers
setting
Server Policy
Computer 2003,
Maximum
running
does
and not
Windows
object. sec
Windows
appear in2000,
the
XP. does
No This
Note: security
Windows
Local ThisServer setting
setting
Computer 2003,
Policy
A user
affects
not must possess
onlyincomputers
appear the
No and
Note:Windows
object.
the Manage
This XP.Local
auditing
setting does
running
Computer
A user Windows
mustPolicy 2000,
object.
possess
and
not security
appear
Windows log2003,
in the
Server user
Local
No the Manage
Note:
right This auditing
setting
to access
Computer Policy does
theobject.
and
and
not Windows
security
appear inlogXP.
theuser
Local
No security
Note: log.setting
This does
right to acces
Computer Policy object.
Note: This setting does
Note: This Policy
Computer settingobject.
does
Note: This Policy
Computer settingobject.
does

Windows 10 ADMX Spreadsheet

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Windows 10 ADMX Spreadsheet

Încărcat de

Drepturi de autor:

Formate disponibile

Group Policy Settings Reference

Ó 2015 Microsoft Corporation. All rights reserved.

All other trademarks are property of their respective owners.

based on one value or a combination of values that are available

eb site references, may change without notice.

py and use this document for your internal, reference purposes.

Computer Configuration\Windows Settings\Account Policies\Password Policy

Enforce password history At least Windows XP SP2, Windows Server 2003

Password Policy security settings are not registry keys.

Enforce password history

S-ar putea să vă placă și